tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Replace shell function with ssh-keygen -A. 

Prevents the init script in the SysV package from trying (and failing)
to generate unsupported key types.  Remove now-unused COMMENT_OUT_ECC.
ok tim@
This commit is contained in:
Darren Tucker 2021-08-20 18:14:13 +10:00
parent d83ec9ed99
commit 95401eea85
2 changed files with 1 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
configure.ac
View File

@ -3100,7 +3100,6 @@ if test "x$openssl" = "xyes" ; then
AC_MSG_RESULT([no]) AC_MSG_RESULT([no])
) )
COMMENT_OUT_ECC="#no ecc#"
TEST_SSH_ECC=no TEST_SSH_ECC=no
if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
@ -3115,7 +3114,6 @@ if test "x$openssl" = "xyes" ; then
AC_DEFINE([OPENSSL_HAS_NISTP256], [1], AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
[libcrypto has NID_X9_62_prime256v1]) [libcrypto has NID_X9_62_prime256v1])
TEST_SSH_ECC=yes TEST_SSH_ECC=yes
COMMENT_OUT_ECC=""
else else
unsupported_algorithms="$unsupported_algorithms \ unsupported_algorithms="$unsupported_algorithms \
ecdsa-sha2-nistp256 \ ecdsa-sha2-nistp256 \
@ -3125,7 +3123,6 @@ if test "x$openssl" = "xyes" ; then
if test x$enable_nistp384 = x1; then if test x$enable_nistp384 = x1; then
AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
TEST_SSH_ECC=yes TEST_SSH_ECC=yes
COMMENT_OUT_ECC=""
else else
unsupported_algorithms="$unsupported_algorithms \ unsupported_algorithms="$unsupported_algorithms \
ecdsa-sha2-nistp384 \ ecdsa-sha2-nistp384 \
@ -3135,7 +3132,6 @@ if test "x$openssl" = "xyes" ; then
if test x$enable_nistp521 = x1; then if test x$enable_nistp521 = x1; then
AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
TEST_SSH_ECC=yes TEST_SSH_ECC=yes
COMMENT_OUT_ECC=""
else else
unsupported_algorithms="$unsupported_algorithms \ unsupported_algorithms="$unsupported_algorithms \
ecdh-sha2-nistp521 \ ecdh-sha2-nistp521 \
@ -3144,7 +3140,6 @@ if test "x$openssl" = "xyes" ; then
fi fi
AC_SUBST([TEST_SSH_ECC]) AC_SUBST([TEST_SSH_ECC])
AC_SUBST([COMMENT_OUT_ECC])
else else
AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
AC_CHECK_FUNCS([crypt]) AC_CHECK_FUNCS([crypt])

22
opensshd.init.in
View File

@ -17,26 +17,6 @@ PIDFILE=$piddir/sshd.pid
PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'` PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'`
[ X$PidFile = X ] || PIDFILE=$PidFile [ X$PidFile = X ] || PIDFILE=$PidFile
SSH_KEYGEN=$prefix/bin/ssh-keygen SSH_KEYGEN=$prefix/bin/ssh-keygen
HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
@COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key
HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
checkkeys() {
if [ ! -f $HOST_KEY_DSA ]; then
${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
fi
if [ ! -f $HOST_KEY_RSA ]; then
${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
fi
@COMMENT_OUT_ECC@ if [ ! -f $HOST_KEY_ECDSA ]; then
@COMMENT_OUT_ECC@ ${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N ""
@COMMENT_OUT_ECC@ fi
if [ ! -f $HOST_KEY_ED25519 ]; then
${SSH_KEYGEN} -t ed25519 -f ${HOST_KEY_ED25519} -N ""
fi
}
stop_service() { stop_service() {
if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
@ -54,7 +34,7 @@ start_service() {
# XXX we will opt out at this time. - Bal # XXX we will opt out at this time. - Bal
# Check to see if we have keys that need to be made # Check to see if we have keys that need to be made
checkkeys ${SSH_KEYGEN} -A
# Start SSHD # Start SSHD
echo "starting $SSHD... \c" ; $SSHD echo "starting $SSHD... \c" ; $SSHD