[openssh-commits] [openssh] 01/01: Replace shell function with ssh-keygen -A.

Fri Aug 20 18:16:55 AEST 2021

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 95401eea8503943449f712e5f3de52fc0bc612c5
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Fri Aug 20 18:14:13 2021 +1000

    Replace shell function with ssh-keygen -A.
    
    Prevents the init script in the SysV package from trying (and failing)
    to generate unsupported key types.  Remove now-unused COMMENT_OUT_ECC.
    ok tim@
---
 configure.ac     |  5 -----
 opensshd.init.in | 22 +---------------------
 2 files changed, 1 insertion(+), 26 deletions(-)

diff --git a/configure.ac b/configure.ac
index 01e7d2a4..cbf27db2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3100,7 +3100,6 @@ if test "x$openssl" = "xyes" ; then
 		AC_MSG_RESULT([no])
 	)
 
-	COMMENT_OUT_ECC="#no ecc#"
 	TEST_SSH_ECC=no
 
 	if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
@@ -3115,7 +3114,6 @@ if test "x$openssl" = "xyes" ; then
 		AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
 		    [libcrypto has NID_X9_62_prime256v1])
 		TEST_SSH_ECC=yes
-		COMMENT_OUT_ECC=""
 	else
 		unsupported_algorithms="$unsupported_algorithms \
 			ecdsa-sha2-nistp256 \
@@ -3125,7 +3123,6 @@ if test "x$openssl" = "xyes" ; then
 	if test x$enable_nistp384 = x1; then
 		AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
 		TEST_SSH_ECC=yes
-		COMMENT_OUT_ECC=""
 	else
 		unsupported_algorithms="$unsupported_algorithms \
 			ecdsa-sha2-nistp384 \
@@ -3135,7 +3132,6 @@ if test "x$openssl" = "xyes" ; then
 	if test x$enable_nistp521 = x1; then
 		AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
 		TEST_SSH_ECC=yes
-		COMMENT_OUT_ECC=""
 	else
 		unsupported_algorithms="$unsupported_algorithms \
 			ecdh-sha2-nistp521 \
@@ -3144,7 +3140,6 @@ if test "x$openssl" = "xyes" ; then
 	fi
 
 	AC_SUBST([TEST_SSH_ECC])
-	AC_SUBST([COMMENT_OUT_ECC])
 else
 	AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
 	AC_CHECK_FUNCS([crypt])
diff --git a/opensshd.init.in b/opensshd.init.in
index 99e5a51a..25172480 100755
--- a/opensshd.init.in
+++ b/opensshd.init.in
@@ -17,26 +17,6 @@ PIDFILE=$piddir/sshd.pid
 PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'`
 [ X$PidFile = X ]  ||  PIDFILE=$PidFile
 SSH_KEYGEN=$prefix/bin/ssh-keygen
-HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
-HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
- at COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
-
-
-checkkeys() {
-    if [ ! -f $HOST_KEY_DSA ]; then
-	${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
-    fi
-    if [ ! -f $HOST_KEY_RSA ]; then
-	${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
-    fi
- at COMMENT_OUT_ECC@    if [ ! -f $HOST_KEY_ECDSA ]; then
- at COMMENT_OUT_ECC@	${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N ""
- at COMMENT_OUT_ECC@    fi
-    if [ ! -f $HOST_KEY_ED25519 ]; then
-	${SSH_KEYGEN} -t ed25519 -f ${HOST_KEY_ED25519} -N ""
-    fi
-}
 
 stop_service() {
     if [  -r $PIDFILE  -a  ! -z ${PIDFILE}  ]; then
@@ -54,7 +34,7 @@ start_service() {
     # XXX we will opt out at this time. - Bal
 
     # Check to see if we have keys that need to be made
-    checkkeys
+    ${SSH_KEYGEN} -A
 
     # Start SSHD
     echo "starting $SSHD... \c"         ; $SSHD

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
