Generate SSH1 host key by default?

Corinna Vinschen vinschen at redhat.com
Fri Feb 4 21:01:05 EST 2011


Ping?

This would have been nice to have in 5.8p1, too.


Corinna

On Feb  1 09:56, Corinna Vinschen wrote:
> [...]
> Ok, so I keep the SSH1 key generation in.  Would you mind applying
> the patch below?  It adds ECDSA key generation for host and user keys and
> simplifies the ssh-user-config script.
> 
> 
> Thanks,
> Corinna
> 
> 
> Index: contrib/cygwin//ssh-host-config
> ===================================================================
> RCS file: /cvs/openssh/contrib/cygwin/ssh-host-config,v
> retrieving revision 1.29
> diff -u -p -r1.29 ssh-host-config
> --- contrib/cygwin//ssh-host-config	24 Mar 2010 02:03:32 -0000	1.29
> +++ contrib/cygwin//ssh-host-config	1 Feb 2011 08:55:59 -0000
> @@ -63,6 +63,12 @@ create_host_keys() {
>      csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
>      ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
>    fi
> +
> +  if [ ! -f "${SYSCONFDIR}/ssh_host_ecdsa_key" ]
> +  then
> +    csih_inform "Generating ${SYSCONFDIR}/ssh_host_ecdsa_key"
> +    ssh-keygen -t ecdsa -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' > /dev/null
> +  fi
>  } # --- End of create_host_keys --- #
>  
>  # ======================================================================
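Review bot: The new ssh-keygen call leaves `${SYSCONFDIR}` unquoted while the `[ ! -f ... ]` test two lines above quotes the same path, so a SYSCONFDIR containing spaces or glob characters would pass the test and then hand ssh-keygen a split argument; the existing dsa line has the same form, but the added line is the place to stop copying it: `ssh-keygen -t ecdsa -f "${SYSCONFDIR}/ssh_host_ecdsa_key" -N '' > /dev/null`. The exit status of ssh-keygen is also not checked, so if key generation fails (for example on an OpenSSL build without ECDSA support, if that is possible here) the script reports "Generating ..." and continues with no host key on disk; an `|| csih_inform "..."` style fallback, or at least not discarding the status, would make the failure visible at configuration time rather than at first sshd start. create_host_keys begins before this hunk.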
> Index: contrib/cygwin//ssh-user-config
> ===================================================================
> RCS file: /cvs/openssh/contrib/cygwin/ssh-user-config,v
> retrieving revision 1.7
> diff -u -p -r1.7 ssh-user-config
> --- contrib/cygwin//ssh-user-config	29 Jul 2009 14:21:13 -0000	1.7
> +++ contrib/cygwin//ssh-user-config	1 Feb 2011 08:55:59 -0000
> @@ -39,85 +39,34 @@ pwdhome=
>  with_passphrase=
>  
>  # ======================================================================
> -# Routine: create_ssh1_identity
> -#   optionally create ~/.ssh/identity[.pub]
> +# Routine: create_identity
> +#   optionally create identity of type argument in ~/.ssh
>  #   optionally add result to ~/.ssh/authorized_keys
>  # ======================================================================
> -create_ssh1_identity() {
> -  if [ ! -f "${pwdhome}/.ssh/identity" ]
> +create_identity() {
> +  local file="$1"
> +  local type="$2"
> +  local name="$3"
> +  if [ ! -f "${pwdhome}/.ssh/${file}" ]
>    then
> -    if csih_request "Shall I create an SSH1 RSA identity file for you?"
> +    if csih_request "Shall I create a ${name} identity file for you?"
>      then
> -      csih_inform "Generating ${pwdhome}/.ssh/identity"
> +      csih_inform "Generating ${pwdhome}/.ssh/${file}"
>        if [ "${with_passphrase}" = "yes" ]
>        then
> -        ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
> +        ssh-keygen -t "${type}" -N "${passphrase}" -f "${pwdhome}/.ssh/${file}" > /dev/null
>        else
> -        ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
> +        ssh-keygen -t "${type}" -f "${pwdhome}/.ssh/${file}" > /dev/null
>        fi
>        if csih_request "Do you want to use this identity to login to this machine?"
>        then
>          csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
> -        cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
> +        cat "${pwdhome}/.ssh/${file}.pub" >> "${pwdhome}/.ssh/authorized_keys"
>        fi
>      fi
>    fi
>  } # === End of create_ssh1_identity() === #
> -readonly -f create_ssh1_identity
> -
> -# ======================================================================
> -# Routine: create_ssh2_rsa_identity
> -#   optionally create ~/.ssh/id_rsa[.pub]
> -#   optionally add result to ~/.ssh/authorized_keys
> -# ======================================================================
> -create_ssh2_rsa_identity() {
> -  if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
> -  then
> -    if csih_request "Shall I create an SSH2 RSA identity file for you?"
> -    then
> -      csih_inform "Generating ${pwdhome}/.ssh/id_rsa"
> -      if [ "${with_passphrase}" = "yes" ]
> -      then
> -        ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
> -      else
> -        ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
> -      fi
> -      if csih_request "Do you want to use this identity to login to this machine?"
> -      then
> -        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
> -        cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
> -      fi
> -    fi
> -  fi
> -} # === End of create_ssh2_rsa_identity() === #
> -readonly -f create_ssh2_rsa_identity
> -
> -# ======================================================================
> -# Routine: create_ssh2_dsa_identity
> -#   optionally create ~/.ssh/id_dsa[.pub]
> -#   optionally add result to ~/.ssh/authorized_keys
> -# ======================================================================
> -create_ssh2_dsa_identity() {
> -  if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
> -  then
> -    if csih_request "Shall I create an SSH2 DSA identity file for you?"
> -    then
> -      csih_inform "Generating ${pwdhome}/.ssh/id_dsa"
> -      if [ "${with_passphrase}" = "yes" ]
> -      then
> -        ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
> -      else
> -        ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
> -      fi
> -      if csih_request "Do you want to use this identity to login to this machine?"
> -      then
> -        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
> -        cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
> -      fi
> -    fi
> -  fi
> -} # === End of create_ssh2_dsa_identity() === #
> -readonly -f create_ssh2_dsa_identity
> +readonly -f create_identity
>  
>  # ======================================================================
>  # Routine: check_user_homedir
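Review bot: The closing comment on the generalized routine still reads `} # === End of create_ssh1_identity() === #` although the function is now `create_identity`; it should be `} # === End of create_identity() === #` so the marker matches the definition. The header comment says "identity of type argument" but the function now takes three positional parameters, and the caller hunk further down shows what they are, so the header should spell them out, e.g. `#   $1 - key file name below ~/.ssh, $2 - key type passed to ssh-keygen -t, $3 - human-readable name used in the prompt`. As a side point inherited from the old code, `-N "${passphrase}"` places the passphrase on the ssh-keygen command line where it is visible in the process list while the command runs; letting ssh-keygen prompt for it (omitting -N) avoids that exposure, which may be worth a comment even if the behavior is kept.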
> @@ -311,9 +260,10 @@ fi
>  
>  check_user_homedir
>  check_user_dot_ssh_dir
> -create_ssh1_identity
> -create_ssh2_rsa_identity
> -create_ssh2_dsa_identity
> +create_identity id_rsa rsa "SSH2 RSA"
> +create_identity id_dsa dsa "SSH2 DSA"
> +create_identity id_ecdsa ecdsa "SSH2 ECDSA"
> +create_identity identity rsa1 "(deprecated) SSH1 RSA"
>  fix_authorized_keys_perms
>  
>  echo
> 
> -- 
> Corinna Vinschen
> Cygwin Project Co-Leader
> Red Hat
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

