Generate SSH1 host key by default?
Corinna Vinschen
vinschen at redhat.com
Fri Feb 4 21:01:05 EST 2011
Ping?
This would have been nice to have in 5.8p1, too.
Corinna
On Feb 1 09:56, Corinna Vinschen wrote:
> [...]
> Ok, so I'll keep the SSH1 key generation in. Would you mind applying
> the patch below? It adds ECDSA key generation for host and user and
> simplifies the ssh-user-config script.
>
>
> Thanks,
> Corinna
>
>
> Index: contrib/cygwin//ssh-host-config
> ===================================================================
> RCS file: /cvs/openssh/contrib/cygwin/ssh-host-config,v
> retrieving revision 1.29
> diff -u -p -r1.29 ssh-host-config
> --- contrib/cygwin//ssh-host-config 24 Mar 2010 02:03:32 -0000 1.29
> +++ contrib/cygwin//ssh-host-config 1 Feb 2011 08:55:59 -0000
> @@ -63,6 +63,12 @@ create_host_keys() {
> csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
> ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
> fi
> +
> + if [ ! -f "${SYSCONFDIR}/ssh_host_ecdsa_key" ]
> + then
> + csih_inform "Generating ${SYSCONFDIR}/ssh_host_ecdsa_key"
> + ssh-keygen -t ecdsa -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' > /dev/null
> + fi
> } # --- End of create_host_keys --- #
>
> # ======================================================================
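Review bot: The new `ssh-keygen -t ecdsa` call passes `-f ${SYSCONFDIR}/ssh_host_ecdsa_key` unquoted, although the `[ ! -f "${SYSCONFDIR}/ssh_host_ecdsa_key" ]` test just above quotes the same path; a SYSCONFDIR containing whitespace would pass the test and then split at the call. Quote it as `ssh-keygen -t ecdsa -f "${SYSCONFDIR}/ssh_host_ecdsa_key" -N '' > /dev/null`. The exit status is also discarded and stdout is sent to /dev/null, so a failed generation leaves the host without an ECDSA key and without any message from the script; the existing DSA call in the context lines has the same shape. create_host_keys begins above the hunk.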
> Index: contrib/cygwin//ssh-user-config
> ===================================================================
> RCS file: /cvs/openssh/contrib/cygwin/ssh-user-config,v
> retrieving revision 1.7
> diff -u -p -r1.7 ssh-user-config
> --- contrib/cygwin//ssh-user-config 29 Jul 2009 14:21:13 -0000 1.7
> +++ contrib/cygwin//ssh-user-config 1 Feb 2011 08:55:59 -0000
> @@ -39,85 +39,34 @@ pwdhome=
> with_passphrase=
>
> # ======================================================================
> -# Routine: create_ssh1_identity
> -# optionally create ~/.ssh/identity[.pub]
> +# Routine: create_identity
> +# optionally create identity of type argument in ~/.ssh
> # optionally add result to ~/.ssh/authorized_keys
> # ======================================================================
> -create_ssh1_identity() {
> - if [ ! -f "${pwdhome}/.ssh/identity" ]
> +create_identity() {
> + local file="$1"
> + local type="$2"
> + local name="$3"
> + if [ ! -f "${pwdhome}/.ssh/${file}" ]
> then
> - if csih_request "Shall I create an SSH1 RSA identity file for you?"
> + if csih_request "Shall I create a ${name} identity file for you?"
> then
> - csih_inform "Generating ${pwdhome}/.ssh/identity"
> + csih_inform "Generating ${pwdhome}/.ssh/${file}"
> if [ "${with_passphrase}" = "yes" ]
> then
> - ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
> + ssh-keygen -t "${type}" -N "${passphrase}" -f "${pwdhome}/.ssh/${file}" > /dev/null
> else
> - ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
> + ssh-keygen -t "${type}" -f "${pwdhome}/.ssh/${file}" > /dev/null
> fi
> if csih_request "Do you want to use this identity to login to this machine?"
> then
> csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
> - cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
> + cat "${pwdhome}/.ssh/${file}.pub" >> "${pwdhome}/.ssh/authorized_keys"
> fi
> fi
> fi
> } # === End of create_ssh1_identity() === #
> -readonly -f create_ssh1_identity
> -
> -# ======================================================================
> -# Routine: create_ssh2_rsa_identity
> -# optionally create ~/.ssh/id_rsa[.pub]
> -# optionally add result to ~/.ssh/authorized_keys
> -# ======================================================================
> -create_ssh2_rsa_identity() {
> - if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
> - then
> - if csih_request "Shall I create an SSH2 RSA identity file for you?"
> - then
> - csih_inform "Generating ${pwdhome}/.ssh/id_rsa"
> - if [ "${with_passphrase}" = "yes" ]
> - then
> - ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
> - else
> - ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
> - fi
> - if csih_request "Do you want to use this identity to login to this machine?"
> - then
> - csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
> - cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
> - fi
> - fi
> - fi
> -} # === End of create_ssh2_rsa_identity() === #
> -readonly -f create_ssh2_rsa_identity
> -
> -# ======================================================================
> -# Routine: create_ssh2_dsa_identity
> -# optionally create ~/.ssh/id_dsa[.pub]
> -# optionally add result to ~/.ssh/authorized_keys
> -# ======================================================================
> -create_ssh2_dsa_identity() {
> - if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
> - then
> - if csih_request "Shall I create an SSH2 DSA identity file for you?"
> - then
> - csih_inform "Generating ${pwdhome}/.ssh/id_dsa"
> - if [ "${with_passphrase}" = "yes" ]
> - then
> - ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
> - else
> - ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
> - fi
> - if csih_request "Do you want to use this identity to login to this machine?"
> - then
> - csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
> - cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
> - fi
> - fi
> - fi
> -} # === End of create_ssh2_dsa_identity() === #
> -readonly -f create_ssh2_dsa_identity
> +readonly -f create_identity
>
> # ======================================================================
> # Routine: check_user_homedir
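Review bot: Neither `ssh-keygen` call in `create_identity` has its exit status checked, so after a failed or aborted generation the function still asks whether to use the identity and then runs `cat` on a `.pub` file that may not exist. Guarding the follow-up, for example `if [ -f "${pwdhome}/.ssh/${file}.pub" ] && csih_request "Do you want to use this identity to login to this machine?"`, keeps the `authorized_keys` append tied to a key that was actually written. The `-N "${passphrase}"` form also leaves the passphrase on ssh-keygen's command line while it runs, where the process list can expose it to other local accounts; how `passphrase` is populated is outside this hunk, so that is worth confirming rather than changing blind. The closing context line still reads `End of create_ssh1_identity()` and should become `} # === End of create_identity() === #`, and the routine header would benefit from naming the three positional arguments (key file name, `ssh-keygen -t` type, display name).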
> @@ -311,9 +260,10 @@ fi
>
> check_user_homedir
> check_user_dot_ssh_dir
> -create_ssh1_identity
> -create_ssh2_rsa_identity
> -create_ssh2_dsa_identity
> +create_identity id_rsa rsa "SSH2 RSA"
> +create_identity id_dsa dsa "SSH2 DSA"
> +create_identity id_ecdsa ecdsa "SSH2 ECDSA"
> +create_identity identity rsa1 "(deprecated) SSH1 RSA"
> fix_authorized_keys_perms
>
> echo
>
> --
> Corinna Vinschen
> Cygwin Project Co-Leader
> Red Hat
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat