From: Michael Tremer
Date: Thu, 20 Aug 2015 22:26:49 +0000 (+0100)
Subject: SSH: Replace old RSA keys with a new set
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ea0033d96214b74ea69983d09214fe637f00eae8;p=people%2Fms%2Fipfire-2.x.git
SSH: Replace old RSA keys with a new set
Signed-off-by: Michael Tremer
---
diff --git a/config/rootfiles/core/94/update.sh b/config/rootfiles/core/94/update.sh
index 0d77743e87..99c5e4f630 100644
--- a/config/rootfiles/core/94/update.sh
+++ b/config/rootfiles/core/94/update.sh
@@ -47,6 +47,9 @@ sed -i /etc/ssh/sshd_config \
 # Move away old and unsupported keys
 mv -f /etc/ssh/ssh_host_dsa_key{,.old}
+# Regenerating weak RSA keys
+mv -f /etc/ssh/ssh_host_key{,.old}
+mv -f /etc/ssh/ssh_host_rsa_key{,.old}
 # Start services
 /etc/init.d/dnsmasq start
diff --git a/src/initscripts/init.d/sshd b/src/initscripts/init.d/sshd
index 7533184f06..7b4092d38d 100644
--- a/src/initscripts/init.d/sshd
+++ b/src/initscripts/init.d/sshd
@@ -12,24 +12,12 @@
 case "$1" in
 start)
- if [ ! -e "/etc/ssh/ssh_host_key" ]; then
- boot_mesg "Generating SSH host key..."
- ssh-keygen -qf /etc/ssh/ssh_host_key -N '' -t rsa1
- evaluate_retval
- fi
-
 for algo in rsa ecdsa ed25519; do
 keyfile="/etc/ssh/ssh_host_${algo}_key"
 # If the key already exists, there is nothing to do.
 [ -e "${keyfile}" ] && continue
- case "${algo}" in
- rsa)
- algo="rsa1"
- ;;
- esac
-
 boot_mesg "Generating SSH key (${algo})..."
 ssh-keygen -qf "${keyfile}" -N '' -t ${algo}
 evaluate_retval
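Review bot: The comment added in update.sh says the RSA keys are regenerated, but the two new `mv -f` lines only rename them: a replacement for `/etc/ssh/ssh_host_rsa_key` is created when the sshd initscript next runs `start`, none is created for `/etc/ssh/ssh_host_key` (this commit removes that block), and the hunk does not show whether sshd is restarted during the update. I would word the comment as `# Move away weak RSA host keys; the sshd initscript generates a new RSA key on its next start`. The old private keys stay on disk as `.old`, so the comment should also say whether that is deliberate or whether they are meant to be deleted later. The new key gets whatever length the installed ssh-keygen defaults to, because the initscript passes `-t ${algo}` without `-b`; stating the expected size, or passing `-b` for rsa, would make the fix checkable. Clients will see a host-key mismatch after the update, so administrators need the new fingerprint from a trusted channel such as the console.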