From 2539b1c4f23fac30cfa110555b47b583f5642bcc Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Apr 06 2012 19:00:20 +0000
Subject: don't create RSA1 key in FIPS mode
---
diff --git a/sshd-keygen b/sshd-keygen
index c34c7a7..67840ef 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -17,8 +17,16 @@ RSA1_KEY=/etc/ssh/ssh_host_key
 RSA_KEY=/etc/ssh/ssh_host_rsa_key
 DSA_KEY=/etc/ssh/ssh_host_dsa_key
 
+fips_enabled() {
+ if [ -r /proc/sys/crypto/fips_enabled ]; then
+ cat /proc/sys/crypto/fips_enabled
+ else
+ echo 0
+ fi
+}
+
 do_rsa1_keygen() {
- if [ ! -s $RSA1_KEY ]; then
+ if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then
 echo -n $"Generating SSH1 RSA host key: "
 rm -f $RSA1_KEY
 if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
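Review bot: The new condition in do_rsa1_keygen joins two tests with `-a` and leaves both `$RSA1_KEY` and the fips_enabled substitution unquoted; `-a` is obsolescent in POSIX and a `[` expression with this many arguments has unspecified parsing, so an empty read from the proc file turns the FIPS decision into a side effect of a malformed test. I would split and quote it: `if [ ! -s "$RSA1_KEY" ] && [ "$(fips_enabled)" -eq 0 ]; then`. Separately, fips_enabled prints 0 whenever `/proc/sys/crypto/fips_enabled` fails `-r`, which covers an unreadable file as well as an absent one, so the check fails open in that case; if that is intended, a comment on the helper such as `# no readable fips_enabled flag is treated as FIPS off` would make the choice explicit. The body of do_rsa1_keygen continues past the end of the hunk, so whether the skipped case is reported to the caller cannot be seen from here.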