commit 35cb43f788539c3bbdc2f68066a256cdc2552222
Author: Elan Ruusamäe <[email protected]>
Date:   Sun Mar 1 15:05:12 2015 +0200

    simplify ssh key gen, reuse code

 openssh.spec  | 11 ++++++-----
 opensshd.init | 27 +--------------------------
 sshd-keygen   | 42 ++++++++++++++++--------------------------
 3 files changed, 23 insertions(+), 57 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index 6970a97..315173f 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -634,16 +634,17 @@ install -p sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
 cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
-ln -sf /etc/profile.d/ssh-agent.sh 
$RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
+ln -sf /etc/profile.d/ssh-agent.sh 
$RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
 cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf
 
-%{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' %{SOURCE9} 
>$RPM_BUILD_ROOT%{systemdunitdir}/sshd.service
-cp -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
+cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
+install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
 
-cp -p %{SOURCE11} $RPM_BUILD_ROOT%{systemdunitdir}
-cp -p %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
+%{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
+       $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service
+       $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
 
 %if %{with gnome}
 install -p contrib/gnome-ssh-askpass1 
$RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
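Review bot: The new `%{__sed}` call near the end of this hunk has neither `-i` nor an output redirection, so the substituted text goes to stdout and the installed files keep the `@@LIBEXECDIR@@` placeholder. As shown, the `sshd.service` line also lacks a trailing `\`, so the sed command ends there and the `sshd-keygen` path becomes a separate command that the %install script would try to execute on the build host. I would write `%{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \` and end the `sshd.service` line with `\`. A one-line comment above it naming the files that carry the placeholder would help keep the list complete.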
diff --git a/opensshd.init b/opensshd.init
index a00a9da..f78007e 100755
--- a/opensshd.init
+++ b/opensshd.init
@@ -46,32 +46,7 @@ checkconfig() {
 }
 
 ssh_gen_keys() {
-       # generate new keys with empty passwords if they do not exist
-       if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
-               /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
-               chmod 600 /etc/ssh/ssh_host_key
-               [ -x /sbin/restorecon ] && /sbin/restorecon 
/etc/ssh/ssh_host_key
-       fi
-       if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key 
]; then
-               /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' 
>&2
-               chmod 600 /etc/ssh/ssh_host_rsa_key
-               [ -x /sbin/restorecon ] && /sbin/restorecon 
/etc/ssh/ssh_host_rsa_key
-       fi
-       if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key 
]; then
-               /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' 
>&2
-               chmod 600 /etc/ssh/ssh_host_dsa_key
-               [ -x /sbin/restorecon ] && /sbin/restorecon 
/etc/ssh/ssh_host_dsa_key
-       fi
-       if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s 
/etc/ssh/ssh_host_ecdsa_key ]; then
-               /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N 
'' >&2
-               chmod 600 /etc/ssh/ssh_host_ecdsa_key
-               [ -x /sbin/restorecon ] && /sbin/restorecon 
/etc/ssh/ssh_host_ecdsa_key
-       fi # ecdsa
-       if [ ! -f /etc/ssh/ssh_host_ed25519_key -o ! -s 
/etc/ssh/ssh_host_ed25519_key ]; then
-               /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key 
-N '' >&2
-               chmod 600 /etc/ssh/ssh_host_ed25519_key
-               [ -x /sbin/restorecon ] && /sbin/restorecon 
/etc/ssh/ssh_host_ed25519_key
-       fi # ed25519
+       @@LIBEXECDIR@@/sshd-keygen
 }
 
 start() {
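Review bot: `@@LIBEXECDIR@@/sshd-keygen` in `ssh_gen_keys` only works if the placeholder is replaced at build time, and the sed file list in this commit's openssh.spec hunk names `sshd.service` and `sshd-keygen` but not the init script. Unless the substitution happens in a part of the spec not shown here, the shell would look for a literal `@@LIBEXECDIR@@` path and no host keys would be generated on first start. The installed init script should be added to the substitution list. A comment such as `# @@LIBEXECDIR@@ is replaced at package build time` above the call would make that dependency visible.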
diff --git a/sshd-keygen b/sshd-keygen
index 1f2b320..c6205e6 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -3,30 +3,20 @@
 # Get service config
 [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
 
+# generate new key with empty password if it does not exist
+ssh_gen_key() {
+       local type="$1" keyfile="$2"
+
+       test -s $keyfile && return
+
+       /usr/bin/ssh-keygen -t $type -f $keyfile -N '' >&2
+       chmod 600 $keyfile
+       [ -x /sbin/restorecon ] && /sbin/restorecon $keyfile
+}
+
 # generate new keys with empty passwords if they do not exist
-if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
-       /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
-       chmod 600 /etc/ssh/ssh_host_key
-       [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
-fi
-if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
-       /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
-       chmod 600 /etc/ssh/ssh_host_rsa_key
-       [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
-fi
-if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
-       /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
-       chmod 600 /etc/ssh/ssh_host_dsa_key
-       [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
-fi
-if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; 
then
-       /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
-       chmod 600 /etc/ssh/ssh_host_ecdsa_key
-       [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
-fi # ecdsa
-if [ ! -f /etc/ssh/ssh_host_ed25519_key -o ! -s /etc/ssh/ssh_host_ed25519_key 
]; then
-       /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' 
>&2
-       chmod 600 /etc/ssh/ssh_host_ed25519_key
-       [ -x /sbin/restorecon ] && /sbin/restorecon 
/etc/ssh/ssh_host_ed25519_key
-fi # ed25519
-exit 0
+ssh_gen_key rsa1 /etc/ssh/ssh_host_key
+ssh_gen_key rsa /etc/ssh/ssh_host_rsa_key
+ssh_gen_key dsa /etc/ssh/ssh_host_dsa_key
+ssh_gen_key ecdsa /etc/ssh/ssh_host_ecdsa_key
+ssh_gen_key ed25519 /etc/ssh/ssh_host_ed25519_key
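Review bot: With the trailing `exit 0` removed, the script's exit status is that of the last `ssh_gen_key` call, and the function ends with `[ -x /sbin/restorecon ] && …`, which returns non-zero on hosts without restorecon whenever a key was just generated. Callers that check the status could then treat a successful first-boot key generation as a failure; the init script's `ssh_gen_keys` now passes it on, and a systemd unit would too if it runs this as a pre-start step, which is not visible here. I would end the function with `[ ! -x /sbin/restorecon ] || /sbin/restorecon "$keyfile"`, or restore `exit 0`. Separately, `$type` and `$keyfile` are expanded unquoted, so quoting them (`test -s "$keyfile" && return`) keeps the helper safe for any path. A failed `ssh-keygen` is also ignored before `chmod` runs, so an unsupported key type goes unreported except on stderr.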
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/openssh.git/commitdiff/d3fc9aae922242138aaa88b27f29e9e74a1713d1
