[openssh-commits] [openssh] 01/01: modified: configure.ac opensshd.init.in Skip generating missing RSA1 key on startup unless ssh1 support is enabled. Spotted by Jean-Pierre Radley

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Aug 2 07:38:06 AEST 2016 

This is an automated email from the git hooks/post-receive script.

tim pushed a commit to branch master
in repository openssh.

commit cf3e0be7f5828a5e5f6c296a607d20be2f07d60c
Author: Tim Rice <tim at multitalents.net>
Date:   Mon Aug 1 14:31:52 2016 -0700

    modified:   configure.ac opensshd.init.in
    Skip generating missing RSA1 key on startup unless ssh1 support is enabled.
    Spotted by Jean-Pierre Radley
---
 configure.ac     | 3 +++
 opensshd.init.in | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 373d21b..7c1956d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -123,6 +123,7 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
 
 openssl=yes
 ssh1=no
+COMMENT_OUT_RSA1="#no ssh1#"
 AC_ARG_WITH([openssl],
 	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
 	[  if test "x$withval" = "xno" ; then
@@ -147,6 +148,7 @@ AC_ARG_WITH([ssh1],
 				AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
 			fi
 			ssh1=yes
+			COMMENT_OUT_RSA1=""
 		elif test "x$withval" = "xno" ; then
 			ssh1=no
 		else
@@ -158,6 +160,7 @@ AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
 if test "x$ssh1" = "xyes" ; then
 	AC_MSG_RESULT([yes])
 	AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
+	AC_SUBST([COMMENT_OUT_RSA1])
 else
 	AC_MSG_RESULT([no])
 fi
diff --git a/opensshd.init.in b/opensshd.init.in
index 517345b..3908566 100755
--- a/opensshd.init.in
+++ b/opensshd.init.in
@@ -25,9 +25,9 @@ HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
 
 
 checkkeys() {
-    if [ ! -f $HOST_KEY_RSA1 ]; then
-	${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
-    fi
+ at COMMENT_OUT_RSA1@    if [ ! -f $HOST_KEY_RSA1 ]; then
+ at COMMENT_OUT_RSA1@	${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
+ at COMMENT_OUT_RSA1@    fi
     if [ ! -f $HOST_KEY_DSA ]; then
 	${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
     fi

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list