diff --git a/openssh-6.3p1-redhat.patch b/openssh-6.3p1-redhat.patch
index 5b1ec1d..d85244d 100644
--- a/openssh-6.3p1-redhat.patch
+++ b/openssh-6.3p1-redhat.patch
@@ -58,6 +58,18 @@ diff -up openssh-6.3p1/sshd_config.redhat openssh-6.3p1/sshd_config
 #Port 22
 #AddressFamily any
 #ListenAddress 0.0.0.0
+@@ -21,9 +25,9 @@
+ # HostKey for protocol version 1
+ #HostKey /etc/ssh/ssh_host_key
+ # HostKeys for protocol version 2
+-#HostKey /etc/ssh/ssh_host_rsa_key
++HostKey /etc/ssh/ssh_host_rsa_key
+ #HostKey /etc/ssh/ssh_host_dsa_key
+-#HostKey /etc/ssh/ssh_host_ecdsa_key
++HostKey /etc/ssh/ssh_host_ecdsa_key
+
+ # Lifetime and size of ephemeral version 1 server key
+ #KeyRegenerationInterval 1h
 @@ -35,6 +39,7 @@
 # Logging
 # obsoletes QuietMode and FascistLogging
diff --git a/sshd-keygen b/sshd-keygen
index 5f158fd..d54e4b9 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -4,7 +4,7 @@
 #
 # The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
 # variable.
-AUTOCREATE_SERVER_KEYS=RSAONLY
+AUTOCREATE_SERVER_KEYS=NODSA
 # source function library
 . /etc/rc.d/init.d/functions
@@ -115,8 +115,9 @@ do_ecdsa_keygen() {
 if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
 do_rsa_keygen
 if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
- do_rsa1_keygen
- do_dsa_keygen
 do_ecdsa_keygen
+ if [ "x${AUTOCREATE_SERVER_KEYS}" != xNODSA ]; then
+ do_dsa_keygen
+ fi
 fi
 fi
diff --git a/sshd.sysconfig b/sshd.sysconfig
index 9a30a83..ddd7744 100644
--- a/sshd.sysconfig
+++ b/sshd.sysconfig
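Review bot: The two `HostKey` lines uncommented in `sshd_config` are not tied to the key types `sshd-keygen` actually creates. With `AUTOCREATE_SERVER_KEYS=RSAONLY`, which `sshd.sysconfig` still lists as an option, no ECDSA key is generated, so `HostKey /etc/ssh/ssh_host_ecdsa_key` would name a missing file and sshd will most likely log a load failure for it on every start. Listing explicit `HostKey` entries also presumably stops sshd from loading an existing `ssh_host_dsa_key`, so clients that only know the host's DSA key would be shown an unfamiliar key after the update; that belongs in the commit message or release notes so the prompt is not mistaken for interception. A comment above the entries such as `# Keep in sync with AUTOCREATE_SERVER_KEYS (see sshd.sysconfig)` would record the coupling.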
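Review bot: The nested `!=` tests in the `@@ -115,8 +115,9 @@` hunk of `sshd-keygen` fail open: any value other than the exact strings `NO`, `RSAONLY` or `NODSA` (a typo, lower case, an empty override) passes every test and generates all key types, including the DSA key the new default is meant to drop. An explicit `case` over the accepted values, with unknown input falling back to the default and a warning, makes the accepted set visible and keeps a misspelled setting from re-enabling DSA. The hunk also drops the `do_rsa1_keygen` call without mentioning it, so `YES` no longer creates a protocol 1 key; the function definition lies outside the hunk and is probably dead code now. The header comment next to the `AUTOCREATE_SERVER_KEYS=NODSA` assignment is a good place to list the accepted values.

```shell
# Accepted values: NO, RSAONLY, NODSA (default), YES.
case "${AUTOCREATE_SERVER_KEYS}" in
	NO)
		;;
	RSAONLY)
		do_rsa_keygen
		;;
	NODSA)
		do_rsa_keygen
		do_ecdsa_keygen
		;;
	YES)
		do_rsa_keygen
		do_ecdsa_keygen
		do_dsa_keygen
		;;
	*)
		echo "sshd-keygen: unknown AUTOCREATE_SERVER_KEYS value, using NODSA" >&2
		do_rsa_keygen
		do_ecdsa_keygen
		;;
esac
```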
@@ -1,9 +1,11 @@
 # Configuration file for the sshd service.
-# The server keys are automatically generated if they ommited
-# to change the automatic creation uncomment the approprite
-# line. The default is RSAONLY
+# The server keys are automatically generated if they omitted
+# to change the automatic creation uncomment the appropriate
+# line. The default is NODSA which means rsa and ecdsa keys are
+# generated.
+# AUTOCREATE_SERVER_KEYS=NODSA
 # AUTOCREATE_SERVER_KEYS=RSAONLY
 # AUTOCREATE_SERVER_KEYS=NO
 # AUTOCREATE_SERVER_KEYS=YES
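Review bot: The comment block explains only `NODSA`; `RSAONLY`, `NO` and `YES` are listed without saying which keys each one produces. After this commit `YES` is the only value that still creates a DSA key, and an administrator should have to choose that knowingly. I would add one comment line per value, for example `# YES     - rsa, ecdsa and dsa keys (dsa is not generated by default)`. The first sentence still reads "if they omitted"; `# The server keys are generated automatically if they are missing.` says what is meant. Whether `sshd-keygen` reads this file after its own `AUTOCREATE_SERVER_KEYS=NODSA` assignment is not visible in the diff, so the override path is worth confirming.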