273d637227
Split out the host keygen into its own command, to ease future migration to systemd. Compatibility with the init script was kept. Migrate the package to full native systemd unit files, according to the Fedora packaging guidelines. Prepare the unit files for running an on-demand server (but do not actually add it).
#!/bin/bash
# Create the host keys for the OpenSSH server.
#
# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
# variable.
# source function library
. /etc/rc.d/init.d/functions
# pull in sysconfig settings
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
# Fixed locations used by the key generation helpers further down.
# Each public key lives next to its private key with a ".pub" suffix.
KEYGEN='/usr/bin/ssh-keygen'            # key generator binary
RSA1_KEY='/etc/ssh/ssh_host_key'        # SSH1 RSA private host key
RSA_KEY='/etc/ssh/ssh_host_rsa_key'     # SSH2 RSA private host key
DSA_KEY='/etc/ssh/ssh_host_dsa_key'     # SSH2 DSA private host key
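#######################################
# Create the SSH1 RSA host key pair unless a non-empty private key exists.
# Globals:   RSA1_KEY (read) - private key path; public key is "$RSA1_KEY.pub"
#            KEYGEN   (read) - ssh-keygen binary
# Outputs:   progress text on stdout; result reported through the
#            success/failure helpers of the init function library
# Returns:   0 when the key already exists or was created; terminates the
#            whole script with status 1 when generation fails
#
# NOTE(review): SSH protocol 1 is obsolete. If $KEYGEN rejects the "rsa1"
# type, this function takes the failure branch and exits the script, so
# callers that do not need protocol 1 should skip it (see
# AUTOCREATE_SERVER_KEYS).
#######################################
do_rsa1_keygen() {
  # -s is false for a missing or zero-length file, so an empty key file is
  # treated like a missing one and regenerated.
  if [ ! -s "$RSA1_KEY" ]; then
    echo -n $"Generating SSH1 RSA host key: "
    # Remove any empty leftover and confirm it is really gone before
    # generating the new key.
    rm -f -- "$RSA1_KEY"
    # -N '' creates the key without a passphrase and -C '' with an empty
    # comment; file permissions are the only protection of the private key.
    # ssh-keygen output is discarded, only its exit status is used.
    if test ! -f "$RSA1_KEY" \
      && "$KEYGEN" -q -t rsa1 -f "$RSA1_KEY" -C '' -N '' >/dev/null 2>&1; then
      # Private key: readable by group ssh_keys, no access for others.
      # NOTE(review): the chgrp/chmod results are not checked; if chgrp
      # fails, mode 640 grants read access to the group the file was
      # created with instead of ssh_keys.
      chgrp ssh_keys "$RSA1_KEY"
      chmod 640 "$RSA1_KEY"
      chmod 644 "${RSA1_KEY}.pub"
      # NOTE(review): only the public key is relabelled here; confirm the
      # private key receives the intended SELinux context on creation.
      if [ -x /sbin/restorecon ]; then
        /sbin/restorecon "${RSA1_KEY}.pub"
      fi
      success $"RSA1 key generation"
      echo
    else
      failure $"RSA1 key generation"
      echo
      exit 1
    fi
  fi
}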
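#######################################
# Create the SSH2 RSA host key pair unless a non-empty private key exists.
# Globals:   RSA_KEY (read) - private key path; public key is "$RSA_KEY.pub"
#            KEYGEN  (read) - ssh-keygen binary
# Outputs:   progress text on stdout; result reported through the
#            success/failure helpers of the init function library
# Returns:   0 when the key already exists or was created; terminates the
#            whole script with status 1 when generation fails
#
# NOTE(review): no key size is passed, so the size is whatever $KEYGEN
# defaults to on the installed version.
#######################################
do_rsa_keygen() {
  # -s is false for a missing or zero-length file, so an empty key file is
  # treated like a missing one and regenerated.
  if [ ! -s "$RSA_KEY" ]; then
    echo -n $"Generating SSH2 RSA host key: "
    # Remove any empty leftover and confirm it is really gone before
    # generating the new key.
    rm -f -- "$RSA_KEY"
    # -N '' creates the key without a passphrase and -C '' with an empty
    # comment; file permissions are the only protection of the private key.
    # ssh-keygen output is discarded, only its exit status is used.
    if test ! -f "$RSA_KEY" \
      && "$KEYGEN" -q -t rsa -f "$RSA_KEY" -C '' -N '' >/dev/null 2>&1; then
      # Private key: readable by group ssh_keys, no access for others.
      # NOTE(review): the chgrp/chmod results are not checked; if chgrp
      # fails, mode 640 grants read access to the group the file was
      # created with instead of ssh_keys.
      chgrp ssh_keys "$RSA_KEY"
      chmod 640 "$RSA_KEY"
      chmod 644 "${RSA_KEY}.pub"
      # NOTE(review): only the public key is relabelled here; confirm the
      # private key receives the intended SELinux context on creation.
      if [ -x /sbin/restorecon ]; then
        /sbin/restorecon "${RSA_KEY}.pub"
      fi
      success $"RSA key generation"
      echo
    else
      failure $"RSA key generation"
      echo
      exit 1
    fi
  fi
}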
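#######################################
# Create the SSH2 DSA host key pair unless a non-empty private key exists.
# Globals:   DSA_KEY (read) - private key path; public key is "$DSA_KEY.pub"
#            KEYGEN  (read) - ssh-keygen binary
# Outputs:   progress text on stdout; result reported through the
#            success/failure helpers of the init function library
# Returns:   0 when the key already exists or was created; terminates the
#            whole script with status 1 when generation fails
#
# NOTE(review): DSA host keys are a legacy algorithm. If $KEYGEN rejects
# the "dsa" type, this function takes the failure branch and exits the
# script, so deployments that only need RSA should skip it (see
# AUTOCREATE_SERVER_KEYS).
#######################################
do_dsa_keygen() {
  # -s is false for a missing or zero-length file, so an empty key file is
  # treated like a missing one and regenerated.
  if [ ! -s "$DSA_KEY" ]; then
    echo -n $"Generating SSH2 DSA host key: "
    # Remove any empty leftover and confirm it is really gone before
    # generating the new key.
    rm -f -- "$DSA_KEY"
    # -N '' creates the key without a passphrase and -C '' with an empty
    # comment; file permissions are the only protection of the private key.
    # ssh-keygen output is discarded, only its exit status is used.
    if test ! -f "$DSA_KEY" \
      && "$KEYGEN" -q -t dsa -f "$DSA_KEY" -C '' -N '' >/dev/null 2>&1; then
      # Private key: readable by group ssh_keys, no access for others.
      # NOTE(review): the chgrp/chmod results are not checked; if chgrp
      # fails, mode 640 grants read access to the group the file was
      # created with instead of ssh_keys.
      chgrp ssh_keys "$DSA_KEY"
      chmod 640 "$DSA_KEY"
      chmod 644 "${DSA_KEY}.pub"
      # NOTE(review): only the public key is relabelled here; confirm the
      # private key receives the intended SELinux context on creation.
      if [ -x /sbin/restorecon ]; then
        /sbin/restorecon "${DSA_KEY}.pub"
      fi
      success $"DSA key generation"
      echo
    else
      failure $"DSA key generation"
      echo
      exit 1
    fi
  fi
}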
# Generate whichever host keys are missing, as selected by
# $AUTOCREATE_SERVER_KEYS:
#   NO       - generate nothing
#   RSAONLY  - only the SSH2 RSA key
#   other    - SSH2 RSA, then SSH1 RSA, then SSH2 DSA (also when unset/empty)
# Each helper exits the script with status 1 if its key cannot be created.
case "${AUTOCREATE_SERVER_KEYS}" in
  NO)
    ;;
  RSAONLY)
    do_rsa_keygen
    ;;
  *)
    do_rsa_keygen
    do_rsa1_keygen
    do_dsa_keygen
    ;;
esac