FreeBSD Bugzilla – Attachment 159635 Details for
Bug 202153
[PATCH] set ssh-keygen flags in rc.conf for rc.d/sshd
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
adds variables to sshd_keygen() that pass per key-type flags from rc.conf and documents sshd related vars in defaults/rc.conf
sshd_vars.diff.txt (text/plain), 2.90 KB, created by
Chad Jacob Milios
on 2015-08-07 08:17:42 UTC
(
hide
)
Description:
adds variables to sshd_keygen() that pass per key-type flags from rc.conf and documents sshd related vars in defaults/rc.conf
Filename:
MIME Type:
Creator:
Chad Jacob Milios
Created:
2015-08-07 08:17:42 UTC
Size:
2.90 KB
patch
obsolete
>Index: etc/defaults/rc.conf >=================================================================== >--- etc/defaults/rc.conf (revision 286402) >+++ etc/defaults/rc.conf (working copy) >@@ -312,6 +312,16 @@ > sshd_enable="NO" # Enable sshd > sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. > sshd_flags="" # Additional flags for sshd. >+sshd_rsa1_keygen_enable="YES" # Generate an rsa1 key when starting sshd if missing from /etc/sshd. >+sshd_rsa1_keygen_flags="" # Flags to ssh-keygen for rsa1 key when first created. >+sshd_rsa_keygen_enable="YES" # Generate an rsa key when starting sshd if missing from /etc/sshd. >+sshd_rsa_keygen_flags="" # Flags to ssh-keygen for rsa key when first created. >+sshd_dsa_keygen_enable="YES" # Generate a dsa key when starting sshd if missing from /etc/sshd. >+sshd_dsa_keygen_flags="" # Flags to ssh-keygen for dsa key when first created. >+sshd_ecdsa_keygen_enable="YES" # Generate an ecdsa key when starting sshd if missing from /etc/sshd. >+sshd_ecdsa_keygen_flags="" # Flags to ssh-keygen for ecdsa key when first created. >+sshd_ed25519_keygen_enable="YES" # Generate an ed25519 key when starting sshd if missing from /etc/sshd. >+sshd_ed25519_keygen_flags="" # Flags to ssh-keygen for ed25519 key when first created. > ftpd_enable="NO" # Enable stand-alone ftpd. > ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one. > ftpd_flags="" # Additional flags to stand-alone ftpd. >Index: etc/rc.d/sshd >=================================================================== >--- etc/rc.d/sshd (revision 286402) >+++ etc/rc.d/sshd (working copy) >@@ -20,11 +20,19 @@ > pidfile="/var/run/${name}.pid" > extra_commands="configtest keygen reload" > >-: ${sshd_rsa1_enable:="yes"} >-: ${sshd_rsa_enable:="yes"} >-: ${sshd_dsa_enable:="yes"} >-: ${sshd_ecdsa_enable:="yes"} >-: ${sshd_ed25519_enable:="yes"} >+if [ -n "$sshd_rsa1_enable" -o \ >+ -n "$sshd_rsa_enable" -o \ >+ -n "$sshd_dsa_enable" -o \ >+ -n "$sshd_ecdsa_enable" -o \ >+ -n "$sshd_ed25519_enable" ] >+then >+ warn "sshd_*_enable is deprecated, consider using sshd_*_keygen_enable for clarity." >+fi >+: ${sshd_rsa1_keygen_enable:="${sshd_rsa1_enable:-yes}"} >+: ${sshd_rsa_keygen_enable:="${sshd_rsa_enable:-yes}"} >+: ${sshd_dsa_keygen_enable:="${sshd_dsa_enable:-yes}"} >+: ${sshd_ecdsa_keygen_enable:="${sshd_ecdsa_enable:-yes}"} >+: ${sshd_ed25519_keygen_enable:="${sshd_ed25519_enable:-yes}"} > > sshd_keygen_alg() > { >@@ -32,7 +40,7 @@ > local ALG="$(echo $alg | tr a-z A-Z)" > local keyfile > >- if ! checkyesno "sshd_${alg}_enable" ; then >+ if ! checkyesno "sshd_${alg}_keygen_enable" ; then > return 0 > fi > >@@ -56,8 +64,9 @@ > if [ -f "${keyfile}" ] ; then > info "$ALG host key exists." > else >+ eval keygen_flags=\$sshd_${alg}_keygen_flags > echo "Generating $ALG host key." >- /usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N "" >+ /usr/bin/ssh-keygen -q -t $alg -f "$keyfile" $keygen_flags -N "" > /usr/bin/ssh-keygen -l -f "$keyfile.pub" > fi > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=159635">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 202153
:
159634
|
159635
|
159642