Subject: bin/13358: ssh host key location not configurable
To: None <gnats-bugs@gnats.netbsd.org>
From: None <amw@iastate.edu>
List: netbsd-bugs
Date: 07/02/2001 15:39:22
>Number:         13358
>Category:       bin
>Synopsis:       ssh host key location not configurable
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 02 13:37:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     amw@iastate.edu
>Release:        1.5.1b2
>Organization:
AIT, Iowa State University
>Environment:
	
System: NetBSD itchy.ait.iastate.edu 1.5.1_BETA2 NetBSD 1.5.1_BETA2 (GENERIC) #6: Fri Jun 8 13:36:23 CDT 2001 root@ulkesh.ait.iastate.edu:/usr/src/sys/arch/i386/compile/GENERIC i386


>Description:
	The /etc/rc.d/sshd script assumes that host keys will live in /etc.
	Adding an ssh_key_dir variable to /etc/defaults/rc.conf and
	making the location configurable would be useful.  Making
	the sshd.conf file location configurable would also be
	desirable.

>How-To-Repeat:
	
>Fix:
Add the following two lines to /etc/defaults/rc.conf:
	ssh_key_dir="/etc"
	ssh_conf_file="/etc/sshd.conf"

Modify /etc/rc.d/sshd as follows:

#!/bin/sh
#
# $NetBSD: sshd,v 1.5.2.5 2001/03/30 22:37:49 he Exp $
#

# PROVIDE: sshd
# REQUIRE: LOGIN

. /etc/rc.subr

# Service identity and the rc.subr knobs that drive start/stop/status.
name="sshd"
rcvar="${name}"
pidfile="/var/run/${name}.pid"
command="/usr/sbin/${name}"
# Location of sshd.conf, taken from the ssh_conf_file rc.conf variable
# this change introduces.  NOTE(review): rc.conf is only sourced by
# load_rc_config further down in this script, so at this point the
# variable may still be unset -- confirm against rc.subr before relying
# on the required-file check.
required_files="${ssh_conf_file}"
# "keygen" and "reload" are accepted in addition to the standard verbs.
extra_commands="keygen reload"

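#
# sshd_keygen_one file have proto label [ssh-keygen args...]
#	Generate one host key under ${ssh_key_dir} unless it already exists.
#	$1 - key file name (relative to ${ssh_key_dir})
#	$2 - phrase used in the "already have" message, e.g. "an RSA"
#	$3 - protocol version named in the "Skipping" message
#	$4 - key type label named in the "Skipping" message
#	remaining arguments are passed through to ssh-keygen (-t, -b, ...)
#	Returns ssh-keygen's status, or 0 when the key was already present.
#
sshd_keygen_one()
{
	# Fall back to the documented default (/etc) so a missing rc.conf
	# entry never makes us write host keys into the filesystem root.
	_file="${ssh_key_dir:-/etc}/$1"
	_have="$2"
	_proto="$3"
	_label="$4"
	shift 4
	if [ -f "${_file}" ]; then
		echo "You already have ${_have} host key in ${_file}"
		echo "Skipping protocol version ${_proto} ${_label} Key Generation"
		return 0
	fi
	# Public half must be world-readable; ssh-keygen itself restricts
	# the private key.  Host keys are unattended, hence the empty
	# passphrase.
	umask 022
	/usr/bin/ssh-keygen "$@" -f "${_file}" -N ''
}

#
# sshd_keygen
#	Create any missing host keys (protocol 1 RSA, protocol 2 DSA and
#	RSA) under ${ssh_key_dir}.  Every key is attempted even if an
#	earlier one fails; the return status is non-zero if any failed.
#
sshd_keygen()
{
	_rv=0
	sshd_keygen_one ssh_host_key "an RSA" 1 RSA -t rsa1 -b 1024 || _rv=1
	sshd_keygen_one ssh_host_dsa_key "a DSA" 2 DSA -t dsa || _rv=1
	sshd_keygen_one ssh_host_rsa_key "a RSA" 2 RSA -t rsa || _rv=1
	return ${_rv}
}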

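#
# sshd_precmd
#	Run before sshd is started: if any of the three host keys is
#	missing under ${ssh_key_dir}, invoke this script's "keygen"
#	command to create it.  Returns the keygen status when it ran,
#	otherwise 0.
#
sshd_precmd()
{
	# Same default as the keygen code path, so both look in one place.
	_dir="${ssh_key_dir:-/etc}"
	for _k in ssh_host_key ssh_host_dsa_key ssh_host_rsa_key; do
		if [ ! -f "${_dir}/${_k}" ]; then
			# Re-enter the script so rc.subr handles the keygen verb.
			/etc/rc.d/sshd keygen
			return
		fi
	done
}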

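keygen_cmd=sshd_keygen
start_precmd=sshd_precmd

load_rc_config "$name"

# ssh_key_dir and ssh_conf_file come from rc.conf, which load_rc_config has
# only just sourced, so anything derived from them must be set here rather
# than near the top of the script.  Each gets the documented default as a
# fallback for an rc.conf that predates these variables.
ssh_key_dir="${ssh_key_dir:-/etc}"
ssh_conf_file="${ssh_conf_file:-/etc/sshd.conf}"
required_files="${ssh_conf_file}"
# Hand the configured file to sshd itself: required_files only checks that
# the file exists, sshd would otherwise keep reading its compiled-in path.
# rc.subr appends command_args after sshd_flags, so this -f wins over one
# given there.  Host keys generated under ssh_key_dir are only used if the
# HostKey lines in that file point at them.
command_args="-f ${ssh_conf_file}"

run_rc_command "$1"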
>Release-Note:
>Audit-Trail:
>Unformatted: