rc.d/sshd: Simplify key generation.
authorPeter Avalos <pavalos@dragonflybsd.org>
Sat, 24 Jan 2015 23:10:51 +0000 (15:10 -0800)
committerPeter Avalos <pavalos@dragonflybsd.org>
Sat, 24 Jan 2015 23:10:51 +0000 (15:10 -0800)
ssh-keygen(1) already provides, through its -A flag, the functionality we
were previously implementing by hand here. Using it also reduces the
maintenance burden of having to update this file when there are new key
types.

etc/rc.d/sshd

index 13f607e..99ab8df 100644 (file)
@@ -19,58 +19,12 @@ extra_commands="keygen reload"
 
 sshd_keygen()
 {
-       (
-       umask 022
-
-       # Can't do anything if ssh is not installed
-       [ -x /usr/bin/ssh-keygen ] || {
-               warn "/usr/bin/ssh-keygen does not exist."
-               return 1
-       }
-
-       if [ -f /etc/ssh/ssh_host_key ]; then
-               echo "You already have an RSA host key" \
-                   "in /etc/ssh/ssh_host_key"
-               echo "Skipping protocol version 1 RSA Key Generation"
-       else
-               /usr/bin/ssh-keygen -t rsa1 -b 1024 \
-                   -f /etc/ssh/ssh_host_key -N ''
-       fi
-
-       if [ -f /etc/ssh/ssh_host_dsa_key ]; then
-               echo "You already have a DSA host key" \
-                   "in /etc/ssh/ssh_host_dsa_key"
-               echo "Skipping protocol version 2 DSA Key Generation"
-       else
-               /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
-       fi
-
-       if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
-               echo "You already have a ECDSA host key" \
-                   "in /etc/ssh/ssh_host_ecdsa_key"
-               echo "Skipping protocol version 2 ECDSA Key Generation"
-       else
-               /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
-       fi
-
-       if [ -f /etc/ssh/ssh_host_rsa_key ]; then
-               echo "You already have a RSA host key" \
-                   "in /etc/ssh/ssh_host_rsa_key"
-               echo "Skipping protocol version 2 RSA Key Generation"
-       else
-               /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-       fi
-       )
+       /usr/bin/ssh-keygen -A
 }
 
 sshd_precmd()
 {
-       if [ ! -f /etc/ssh/ssh_host_key -o \
-           ! -f /etc/ssh/ssh_host_dsa_key -o \
-           ! -f /etc/ssh/ssh_host_ecdsa_key -o \
-           ! -f /etc/ssh/ssh_host_rsa_key ]; then
-               run_rc_command keygen
-       fi
+       run_rc_command keygen
 }
 
 load_rc_config $name
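Review bot: sshd_precmd now calls `run_rc_command keygen` on every start with no guard, and nothing in the new code records why that is safe. It relies on `ssh-keygen -A` creating only the host keys that are missing and leaving existing ones alone, so a comment in sshd_keygen such as `# -A creates only missing host keys (default paths, empty passphrase); safe to run on every start` would make that explicit. Because -A covers every default key type of the installed ssh-keygen, a host key that an administrator deleted on purpose is recreated at the next start (the removed code did the same for its four types), so restricting what sshd offers belongs in `HostKey` lines in sshd_config. The explicit `umask 022` subshell is also gone, so the mode of the generated .pub files presumably now follows the rc environment's umask, which is worth confirming.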