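#!/bin/bash

# Create the host keys for the OpenSSH server.
#
# Arguments:   $1 - key type: dsa, ed25519, rsa or ecdsa
# Environment: SSH_RSA_BITS       optional key size, used for rsa keys
#              SSH_ECDSA_BITS     optional key size, used for ecdsa keys
#              SSH_KEYGEN_OPTIONS passed to ssh-keygen unchanged when the
#                                 bits variable for the key type is not set
# Exit status: 0   key pair created, or key type skipped because FIPS
#                  mode is enabled
#              1   bits value is not a number, or ssh-keygen failed
#              12  unknown key type
#              13  ssh-keygen is missing or not executable

# Succeeds only when $1 is a non-empty string of decimal digits.
is_number() {
  [[ $1 =~ ^[0-9]+$ ]]
}

# Reports a rejected bits variable on stderr and stops with the same status
# a failed ssh-keygen run gives.
# Arguments: $1 - name of the offending environment variable
reject_bits() {
  printf '%s: %s must be a decimal number\n' "${0##*/}" "$1" >&2
  exit 1
}

KEYTYPE=$1
case "$KEYTYPE" in
  "dsa") ;& # disabled in FIPS
  "ed25519")
    FIPS=/proc/sys/crypto/fips_enabled
    if [[ -r "$FIPS" && $(<"$FIPS") == "1" ]]; then
      exit 0
    fi ;;
  "rsa")
    if [[ -n "$SSH_RSA_BITS" ]]; then
      # The value ends up word-split on the ssh-keygen command line, so
      # anything but digits could add options. Check it here, before the
      # existing key pair is removed.
      is_number "$SSH_RSA_BITS" || reject_bits SSH_RSA_BITS
      SSH_KEYGEN_OPTIONS="-b $SSH_RSA_BITS"
    fi ;; # always ok
  "ecdsa")
    if [[ -n "$SSH_ECDSA_BITS" ]]; then
      # Same check as for rsa: digits only, before any key is touched.
      is_number "$SSH_ECDSA_BITS" || reject_bits SSH_ECDSA_BITS
      SSH_KEYGEN_OPTIONS="-b $SSH_ECDSA_BITS"
    fi ;;
  *) # wrong argument
    exit 12 ;;
esac

# KEYTYPE is one of the four literals accepted above, so the path stays
# inside /etc/ssh.
KEY=/etc/ssh/ssh_host_${KEYTYPE}_key

KEYGEN=/usr/bin/ssh-keygen
if [[ ! -x "$KEYGEN" ]]; then
  exit 13
fi

# remove old keys
rm -f -- "$KEY" "$KEY.pub"

# create new keys
# -N '' writes the private key without a passphrase and -C '' leaves the
# comment empty. All ssh-keygen output is discarded, so the exit status is
# the only failure signal.
# SSH_KEYGEN_OPTIONS is expanded unquoted on purpose so that "-b N" splits
# into two arguments.
# NOTE(review): a value inherited from the environment is passed through
# unchecked when no bits variable applies; confirm that this is intended.
# shellcheck disable=SC2086
if ! "$KEYGEN" -q -t "$KEYTYPE" $SSH_KEYGEN_OPTIONS -f "$KEY" -C '' -N '' >&/dev/null; then
  exit 1
fi

# sanitize permissions: private key readable by its owner only, public key
# world-readable
/usr/bin/chmod 600 "$KEY"
/usr/bin/chmod 644 "$KEY.pub"
if [[ -x /usr/sbin/restorecon ]]; then
  # restore the SELinux labels of the new files where restorecon is installed
  /usr/sbin/restorecon "$KEY" "$KEY.pub"
fi

exit 0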