Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
# Move away old and unsupported keys
mv -f /etc/ssh/ssh_host_dsa_key{,.old}
+# Regenerating weak RSA keys
+mv -f /etc/ssh/ssh_host_key{,.old}
+mv -f /etc/ssh/ssh_host_rsa_key{,.old}
# Start services
/etc/init.d/dnsmasq start
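Review bot: The two added `mv -f` lines only rename `/etc/ssh/ssh_host_key` and `/etc/ssh/ssh_host_rsa_key`; nothing in this hunk generates replacements, so the comment `# Regenerating weak RSA keys` overstates what happens here. Replacement keys appear to come from the init script's key loop the next time it runs `start`, and this hunk does not show sshd being restarted, so I would reword the comment to `# Move away weak RSA host keys; the sshd init script creates new ones on its next start` and confirm that the update actually triggers that start. The weak private keys also stay on disk as `*.old`, and the matching `.pub` files are not moved; if the copies are kept only as a rollback aid, say so in the comment, otherwise remove them once the new keys exist. Because the `mv -f` is unconditional, a second run of this script would presumably overwrite the `.old` copies with the freshly generated key and cause another host-key change for clients.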
case "$1" in
start)
- if [ ! -e "/etc/ssh/ssh_host_key" ]; then
- boot_mesg "Generating SSH host key..."
- ssh-keygen -qf /etc/ssh/ssh_host_key -N '' -t rsa1
- evaluate_retval
- fi
-
for algo in rsa ecdsa ed25519; do
keyfile="/etc/ssh/ssh_host_${algo}_key"
# If the key already exists, there is nothing to do.
[ -e "${keyfile}" ] && continue
- case "${algo}" in
- rsa)
- algo="rsa1"
- ;;
- esac
-
boot_mesg "Generating SSH key (${algo})..."
ssh-keygen -qf "${keyfile}" -N '' -t ${algo}
evaluate_retval