diff options
| author | Darren Tucker <dtucker@dtucker.net> | 2021-08-20 18:14:13 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2021-08-20 18:14:13 +1000 |
| commit | 95401eea8503943449f712e5f3de52fc0bc612c5 (patch) | |
| tree | 0c429cfd9593d2ef2f502f9f4bf84450ffd47930 | |
| parent | d83ec9ed995a76ed1d5c65cf10b447222ec86131 (diff) | |
| download | openssh-git-95401eea8503943449f712e5f3de52fc0bc612c5.tar.gz | |
Replace shell function with ssh-keygen -A.
Prevents the init script in the SysV package from trying (and failing)
to generate unsupported key types. Remove now-unused COMMENT_OUT_ECC.
ok tim@
| -rw-r--r-- | configure.ac | 5 | ||||
| -rwxr-xr-x | opensshd.init.in | 22 |
2 files changed, 1 insertions, 26 deletions
diff --git a/configure.ac b/configure.ac index 01e7d2a4..cbf27db2 100644 --- a/configure.ac +++ b/configure.ac @@ -3100,7 +3100,6 @@ if test "x$openssl" = "xyes" ; then AC_MSG_RESULT([no]) ) - COMMENT_OUT_ECC="#no ecc#" TEST_SSH_ECC=no if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ @@ -3115,7 +3114,6 @@ if test "x$openssl" = "xyes" ; then AC_DEFINE([OPENSSL_HAS_NISTP256], [1], [libcrypto has NID_X9_62_prime256v1]) TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" else unsupported_algorithms="$unsupported_algorithms \ ecdsa-sha2-nistp256 \ @@ -3125,7 +3123,6 @@ if test "x$openssl" = "xyes" ; then if test x$enable_nistp384 = x1; then AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" else unsupported_algorithms="$unsupported_algorithms \ ecdsa-sha2-nistp384 \ @@ -3135,7 +3132,6 @@ if test "x$openssl" = "xyes" ; then if test x$enable_nistp521 = x1; then AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" else unsupported_algorithms="$unsupported_algorithms \ ecdh-sha2-nistp521 \ @@ -3144,7 +3140,6 @@ if test "x$openssl" = "xyes" ; then fi AC_SUBST([TEST_SSH_ECC]) - AC_SUBST([COMMENT_OUT_ECC]) else AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) AC_CHECK_FUNCS([crypt]) diff --git a/opensshd.init.in b/opensshd.init.in index 99e5a51a..25172480 100755 --- a/opensshd.init.in +++ b/opensshd.init.in @@ -17,26 +17,6 @@ PIDFILE=$piddir/sshd.pid PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'` [ X$PidFile = X ] || PIDFILE=$PidFile SSH_KEYGEN=$prefix/bin/ssh-keygen -HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key -HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key -@COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key -HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key - - -checkkeys() { - if [ ! -f $HOST_KEY_DSA ]; then - ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" - fi - if [ ! -f $HOST_KEY_RSA ]; then - ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" - fi -@COMMENT_OUT_ECC@ if [ ! -f $HOST_KEY_ECDSA ]; then -@COMMENT_OUT_ECC@ ${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N "" -@COMMENT_OUT_ECC@ fi - if [ ! -f $HOST_KEY_ED25519 ]; then - ${SSH_KEYGEN} -t ed25519 -f ${HOST_KEY_ED25519} -N "" - fi -} stop_service() { if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then @@ -54,7 +34,7 @@ start_service() { # XXX we will opt out at this time. - Bal # Check to see if we have keys that need to be made - checkkeys + ${SSH_KEYGEN} -A # Start SSHD echo "starting $SSHD... \c" ; $SSHD |