Subject: bin/13358: ssh host key location not configurable
To: None <gnats-bugs@gnats.netbsd.org>
From: None <amw@iastate.edu>
List: netbsd-bugs
Date: 07/02/2001 15:39:22
>Number: 13358
>Category: bin
>Synopsis: ssh host key location not configurable
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Mon Jul 02 13:37:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: amw@iastate.edu
>Release: 1.5.1b2
>Organization:
AIT, Iowa State University
>Environment:
System: NetBSD itchy.ait.iastate.edu 1.5.1_BETA2 NetBSD 1.5.1_BETA2 (GENERIC) #6: Fri Jun 8 13:36:23 CDT 2001 root@ulkesh.ait.iastate.edu:/usr/src/sys/arch/i386/compile/GENERIC i386
>Description:
The /etc/rc.d/sshd script assumes that host keys will live in /etc.
Adding a ssh_key_dir variable to /etc/defaults/rc.conf and
making the location configurable would be useful. Making
the sshd.conf file location configurable would also be
desirable.
>How-To-Repeat:
>Fix:
add the following two lines to /etc/defaults/rc.conf
ssh_key_dir="/etc"
ssh_conf_file="/etc/sshd.conf"
modify /etc/rc.d/sshd as follows:
#!/bin/sh
#
# $NetBSD: sshd,v 1.5.2.5 2001/03/30 22:37:49 he Exp $
#
# PROVIDE: sshd
# REQUIRE: LOGIN
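. /etc/rc.subr

name="sshd"
rcvar=$name
command="/usr/sbin/${name}"
pidfile="/var/run/${name}.pid"
# ssh_conf_file is meant to come from /etc/defaults/rc.conf, but rc.conf is
# only read by load_rc_config further down, so the variable is normally still
# unset at this point (the script runs as its own process, with nothing
# exported to it).  Fall back to the stock location so that required_files
# never ends up empty, which would silently disable the existence check.
required_files=${ssh_conf_file:-/etc/sshd.conf}
extra_commands="keygen reload"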
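#
# sshd_keygen_one type article alg proto file [ssh-keygen options ...]
#	Generate a single host key with ssh-keygen unless "file" exists.
#	type    - ssh-keygen key type (rsa1, dsa, rsa)
#	article - "a" or "an", used only in the "already have" message
#	alg     - algorithm name used in the messages (RSA, DSA)
#	proto   - SSH protocol version the key serves (1 or 2), messages only
#	file    - full path of the private key to create
#	Any further arguments are passed through to ssh-keygen (e.g. -b 1024).
#	Returns 0 if the key already existed, else ssh-keygen's exit status.
#	Variables are underscore-prefixed rather than "local", as in rc.subr,
#	because this is plain /bin/sh.
#
sshd_keygen_one()
{
	_type=$1
	_article=$2
	_alg=$3
	_proto=$4
	_file=$5
	shift 5
	if [ -f "${_file}" ]; then
		echo "You already have ${_article} ${_alg} host key in ${_file}"
		echo "Skipping protocol version ${_proto} ${_alg} Key Generation"
		return 0
	fi
	# Subshell: the umask must only apply to key generation and must not
	# leak into the rest of the rc script (e.g. into starting sshd).
	( umask 022 && /usr/bin/ssh-keygen -t "${_type}" "$@" -f "${_file}" -N '' )
}

#
# sshd_keygen
#	Create whichever of the three sshd host keys are missing from
#	${ssh_key_dir}.  The directory defaults to /etc, the value
#	/etc/defaults/rc.conf is expected to carry, so an rc.conf without the
#	variable behaves exactly like the unpatched script.  Used as the
#	"keygen" extra command and by sshd_precmd.
#	Note that sshd itself locates host keys through the HostKey directives
#	in its config file (or -h), not through ssh_key_dir: a non-default
#	directory here must be mirrored there or sshd will not find the keys.
#	Returns non-zero if any ssh-keygen invocation failed.
#
sshd_keygen()
{
	_dir=${ssh_key_dir:-/etc}
	_rv=0
	sshd_keygen_one rsa1 an RSA 1 "${_dir}/ssh_host_key" -b 1024 || _rv=1
	sshd_keygen_one dsa a DSA 2 "${_dir}/ssh_host_dsa_key" || _rv=1
	sshd_keygen_one rsa an RSA 2 "${_dir}/ssh_host_rsa_key" || _rv=1
	return ${_rv}
}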
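#
# sshd_precmd
#	Runs before sshd is started: if any of the three host keys is missing
#	from ${ssh_key_dir} (default /etc, matching /etc/defaults/rc.conf),
#	run the keygen extra command so sshd has keys to start with.
#	Returns the keygen command's status when keys had to be made, else 0.
#
sshd_precmd()
{
	_dir=${ssh_key_dir:-/etc}
	# Separate tests joined with || instead of the ambiguous "-o" form,
	# and quoted so a directory containing spaces cannot break the check.
	if [ ! -f "${_dir}/ssh_host_key" ] ||
	   [ ! -f "${_dir}/ssh_host_dsa_key" ] ||
	   [ ! -f "${_dir}/ssh_host_rsa_key" ]; then
		# Dispatch through rc.subr in this shell instead of re-executing
		# /etc/rc.d/sshd, so the script's own path is not hard-coded.
		run_rc_command keygen
	fi
}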
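keygen_cmd=sshd_keygen
start_precmd=sshd_precmd

load_rc_config $name

# The rc.conf variables only exist from here on, so anything derived from
# ssh_conf_file has to be (re)computed after load_rc_config, not at the top
# of the script.  The same file is also handed to sshd with -f: without
# that, a non-default ssh_conf_file would be checked for but never read.
# A non-default ssh_key_dir likewise needs HostKey entries in that file.
_sshd_conf=${ssh_conf_file:-/etc/sshd.conf}
required_files=${_sshd_conf}
command_args="-f ${_sshd_conf}"

run_rc_command "$1"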
>Release-Note:
>Audit-Trail:
>Unformatted: