Replace shell function with ssh-keygen -A.

Prevents the init script in the SysV package from trying (and failing)
to generate unsupported key types.  Remove now-unused COMMENT_OUT_ECC.
ok tim@

diff --git a/configure.ac b/configure.ac
index 01e7d2a4fbecb7ec584015d9b3e952b091dd5259..cbf27db25e1a93eb41c53f8b2a923dbd5979cf3a 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -3100,7 +3100,6 @@ if test "x$openssl" = "xyes" ; then
                AC_MSG_RESULT([no])
        )
 
-       COMMENT_OUT_ECC="#no ecc#"
        TEST_SSH_ECC=no
 
        if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
@@ -3115,7 +3114,6 @@ if test "x$openssl" = "xyes" ; then
                AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
                    [libcrypto has NID_X9_62_prime256v1])
                TEST_SSH_ECC=yes
-               COMMENT_OUT_ECC=""
        else
                unsupported_algorithms="$unsupported_algorithms \
                        ecdsa-sha2-nistp256 \
@@ -3125,7 +3123,6 @@ if test "x$openssl" = "xyes" ; then
        if test x$enable_nistp384 = x1; then
                AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
                TEST_SSH_ECC=yes
-               COMMENT_OUT_ECC=""
        else
                unsupported_algorithms="$unsupported_algorithms \
                        ecdsa-sha2-nistp384 \
@@ -3135,7 +3132,6 @@ if test "x$openssl" = "xyes" ; then
        if test x$enable_nistp521 = x1; then
                AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
                TEST_SSH_ECC=yes
-               COMMENT_OUT_ECC=""
        else
                unsupported_algorithms="$unsupported_algorithms \
                        ecdh-sha2-nistp521 \
@@ -3144,7 +3140,6 @@ if test "x$openssl" = "xyes" ; then
        fi
 
        AC_SUBST([TEST_SSH_ECC])
-       AC_SUBST([COMMENT_OUT_ECC])
 else
        AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
        AC_CHECK_FUNCS([crypt])

diff --git a/opensshd.init.in b/opensshd.init.in
index 99e5a51ab8b7dba39513090fea0b8bdef719b7ac..251724805f7f32b70321b46c06a272e79ed03fa3 100755 (executable)
--- a/opensshd.init.in
+++ b/opensshd.init.in
@@ -17,26 +17,6 @@ PIDFILE=$piddir/sshd.pid
 PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'`
 [ X$PidFile = X ]  ||  PIDFILE=$PidFile
 SSH_KEYGEN=$prefix/bin/ssh-keygen
-HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
-HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
-@COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
-
-
-checkkeys() {
-    if [ ! -f $HOST_KEY_DSA ]; then
-       ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
-    fi
-    if [ ! -f $HOST_KEY_RSA ]; then
-       ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
-    fi
-@COMMENT_OUT_ECC@    if [ ! -f $HOST_KEY_ECDSA ]; then
-@COMMENT_OUT_ECC@      ${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N ""
-@COMMENT_OUT_ECC@    fi
-    if [ ! -f $HOST_KEY_ED25519 ]; then
-       ${SSH_KEYGEN} -t ed25519 -f ${HOST_KEY_ED25519} -N ""
-    fi
-}
 
 stop_service() {
     if [  -r $PIDFILE  -a  ! -z ${PIDFILE}  ]; then
@@ -54,7 +34,7 @@ start_service() {
     # XXX we will opt out at this time. - Bal
 
     # Check to see if we have keys that need to be made
-    checkkeys
+    ${SSH_KEYGEN} -A
 
     # Start SSHD
     echo "starting $SSHD... \c"         ; $SSHD