[openssh] use only rsa and ecdsa host keys by default
plautrba
plautrba at fedoraproject.org
Wed Dec 11 14:18:26 UTC 2013
commit 2b2955a33280a3d00c65b2efa309046a20ef67e2
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Mon Dec 9 17:30:18 2013 +0100
use only rsa and ecdsa host keys by default
openssh-6.3p1-redhat.patch | 12 ++++++++++++
sshd-keygen | 7 ++++---
sshd.sysconfig | 8 +++++---
3 files changed, 21 insertions(+), 6 deletions(-)
---
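diff --git a/openssh-6.3p1-redhat.patch b/openssh-6.3p1-redhat.patch
index 5b1ec1d..d85244d 100644
--- a/openssh-6.3p1-redhat.patch
+++ b/openssh-6.3p1-redhat.patch
@@ -58,6 +58,18 @@ diff -up openssh-6.3p1/sshd_config.redhat openssh-6.3p1/sshd_config
 #Port 22
 #AddressFamily any
 #ListenAddress 0.0.0.0
+@@ -21,9 +25,9 @@
+ # HostKey for protocol version 1
+ #HostKey /etc/ssh/ssh_host_key
+ # HostKeys for protocol version 2
+-#HostKey /etc/ssh/ssh_host_rsa_key
++HostKey /etc/ssh/ssh_host_rsa_key
+ #HostKey /etc/ssh/ssh_host_dsa_key
+-#HostKey /etc/ssh/ssh_host_ecdsa_key
++HostKey /etc/ssh/ssh_host_ecdsa_key
+ 
+ # Lifetime and size of ephemeral version 1 server key
+ #KeyRegenerationInterval 1h
 @@ -35,6 +39,7 @@
 # Logging
 # obsoletes QuietMode and FascistLogging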
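Review bot: Uncommenting `HostKey /etc/ssh/ssh_host_rsa_key` and `HostKey /etc/ssh/ssh_host_ecdsa_key` in the nested sshd_config hunk replaces sshd's implicit default key list with an explicit one, so a key type that is not listed is never offered even if the file exists on disk; in particular a DSA key produced by `AUTOCREATE_SERVER_KEYS=YES` stays unused unless the admin also uncomments `#HostKey /etc/ssh/ssh_host_dsa_key`, and any key type introduced later has to be appended here by hand. Neither the sshd_config comments nor the sshd.sysconfig hunk in this commit say so. I would add a line under `# HostKeys for protocol version 2` such as `# Only the key types listed here are loaded; add a HostKey line for any other key you generate.` and mirror that remark next to the `AUTOCREATE_SERVER_KEYS=YES` entry in sshd.sysconfig. This assumes an explicit HostKey directive replaces rather than extends the built-in default, which is how sshd_config(5) documents it, but it is worth confirming against the packaged version.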
diff --git a/sshd-keygen b/sshd-keygen
index 5f158fd..d54e4b9 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -4,7 +4,7 @@
#
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
# variable.
-AUTOCREATE_SERVER_KEYS=RSAONLY
+AUTOCREATE_SERVER_KEYS=NODSA
# source function library
. /etc/rc.d/init.d/functions
@@ -115,8 +115,9 @@ do_ecdsa_keygen() {
if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
do_rsa_keygen
if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
- do_rsa1_keygen
- do_dsa_keygen
do_ecdsa_keygen
+ if [ "x${AUTOCREATE_SERVER_KEYS}" != xNODSA ]; then
+ do_dsa_keygen
+ fi
fi
fi
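Review bot: The new `if [ "x${AUTOCREATE_SERVER_KEYS}" != xNODSA ]` test on the innermost level means any value other than NO, RSAONLY or NODSA — including a typo such as `nodsa` or a stray trailing space — falls through to the most permissive branch and generates the DSA key, so only the `AUTOCREATE_SERVER_KEYS=NODSA` default in the first hunk keeps that path off. A `case` over the documented values, with a warning on stderr for anything unrecognised, makes the accepted set explicit and lets an unknown value fall back to rsa+ecdsa instead of to DSA. With `do_rsa1_keygen` no longer called from any branch, its definition above this hunk (not visible here) is presumably dead and could be dropped, or the fact that protocol-1 keys are never created could be stated in the sysconfig comment. The `if` block is complete within the hunk.

```shell
case "${AUTOCREATE_SERVER_KEYS}" in
  NO)
    ;;
  RSAONLY)
    do_rsa_keygen
    ;;
  NODSA)
    do_rsa_keygen
    do_ecdsa_keygen
    ;;
  YES)
    do_rsa_keygen
    do_ecdsa_keygen
    do_dsa_keygen
    ;;
  *)
    echo "sshd-keygen: unknown AUTOCREATE_SERVER_KEYS value '${AUTOCREATE_SERVER_KEYS}', generating rsa and ecdsa keys only" >&2
    do_rsa_keygen
    do_ecdsa_keygen
    ;;
esac
```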
diff --git a/sshd.sysconfig b/sshd.sysconfig
index 9a30a83..ddd7744 100644
--- a/sshd.sysconfig
+++ b/sshd.sysconfig
@@ -1,9 +1,11 @@
# Configuration file for the sshd service.
-# The server keys are automatically generated if they ommited
-# to change the automatic creation uncomment the approprite
-# line. The default is RSAONLY
+# The server keys are automatically generated if they omitted
+# to change the automatic creation uncomment the appropriate
+# line. The default is NODSA which means rsa and ecdsa keys are
+# generated.
+# AUTOCREATE_SERVER_KEYS=NODSA
# AUTOCREATE_SERVER_KEYS=RSAONLY
# AUTOCREATE_SERVER_KEYS=NO
# AUTOCREATE_SERVER_KEYS=YES