webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

SSH: Replace old RSA keys with a new set

Browse Source 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2015-08-20 23:26:49 +01:00
parent 04da8aa70a
commit ea0033d962
2 changed files with 3 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/rootfiles/core/94/update.sh
View File

@@ -47,6 +47,9 @@ sed -i /etc/ssh/sshd_config \
# Move away old and unsupported keys # Move away old and unsupported keys
mv -f /etc/ssh/ssh_host_dsa_key{,.old} mv -f /etc/ssh/ssh_host_dsa_key{,.old}
# Regenerating weak RSA keys
mv -f /etc/ssh/ssh_host_key{,.old}
mv -f /etc/ssh/ssh_host_rsa_key{,.old}
# Start services # Start services
/etc/init.d/dnsmasq start /etc/init.d/dnsmasq start

12
src/initscripts/init.d/sshd
View File

@@ -12,24 +12,12 @@
case "$1" in case "$1" in
start) start)
if [ ! -e "/etc/ssh/ssh_host_key" ]; then
boot_mesg "Generating SSH host key..."
ssh-keygen -qf /etc/ssh/ssh_host_key -N '' -t rsa1
evaluate_retval
fi
for algo in rsa ecdsa ed25519; do for algo in rsa ecdsa ed25519; do
keyfile="/etc/ssh/ssh_host_${algo}_key" keyfile="/etc/ssh/ssh_host_${algo}_key"
# If the key already exists, there is nothing to do. # If the key already exists, there is nothing to do.
[ -e "${keyfile}" ] && continue [ -e "${keyfile}" ] && continue
case "${algo}" in
rsa)
algo="rsa1"
;;
esac
boot_mesg "Generating SSH key (${algo})..." boot_mesg "Generating SSH key (${algo})..."
ssh-keygen -qf "${keyfile}" -N '' -t ${algo} ssh-keygen -qf "${keyfile}" -N '' -t ${algo}
evaluate_retval evaluate_retval