modified: configure.ac opensshd.init.in
authorTim Rice <tim@multitalents.net>
Mon, 1 Aug 2016 21:31:52 +0000 (14:31 -0700)
committerTim Rice <tim@multitalents.net>
Mon, 1 Aug 2016 21:31:52 +0000 (14:31 -0700)
Skip generating missing RSA1 key on startup unless ssh1 support is enabled.
Spotted by Jean-Pierre Radley

configure.ac
opensshd.init.in

index 373d21b346c27db817c2302cf64a89cbbda986ad..7c1956dc6d530f1c65920d0f85fc64513ebc7cdf 100644 (file)
@@ -123,6 +123,7 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
 
 openssl=yes
 ssh1=no
+COMMENT_OUT_RSA1="#no ssh1#"
 AC_ARG_WITH([openssl],
        [  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
        [  if test "x$withval" = "xno" ; then
@@ -147,6 +148,7 @@ AC_ARG_WITH([ssh1],
                                AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
                        fi
                        ssh1=yes
+                       COMMENT_OUT_RSA1=""
                elif test "x$withval" = "xno" ; then
                        ssh1=no
                else
@@ -158,6 +160,7 @@ AC_MSG_CHECKING([whether SSH protocol 1 support is enabled])
 if test "x$ssh1" = "xyes" ; then
        AC_MSG_RESULT([yes])
        AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support])
+       AC_SUBST([COMMENT_OUT_RSA1])
 else
        AC_MSG_RESULT([no])
 fi
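Review bot: The added `AC_SUBST([COMMENT_OUT_RSA1])` sits inside the `if test "x$ssh1" = "xyes"` branch, which reads as if the substitution only happens when SSH protocol 1 is enabled. It is the `no` case that needs `#no ssh1#` written into opensshd.init. As far as I know, single-argument AC_SUBST registers the output variable when configure is generated rather than when the shell branch runs, so the build probably behaves as intended, but the placement is misleading. Move the call out of the conditional, for example directly after the closing `fi`: `AC_SUBST([COMMENT_OUT_RSA1])`. The default in the first hunk and the reset in the `AC_ARG_WITH([ssh1])` hunk then remain the only places that decide the value.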
index 517345bfb7b92f54586b506dc2e4c147caca883c..3908566b793beedfaa93a65e4ca210ae17cd9564 100755 (executable)
@@ -25,9 +25,9 @@ HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
 
 
 checkkeys() {
-    if [ ! -f $HOST_KEY_RSA1 ]; then
-       ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
-    fi
+@COMMENT_OUT_RSA1@    if [ ! -f $HOST_KEY_RSA1 ]; then
+@COMMENT_OUT_RSA1@     ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
+@COMMENT_OUT_RSA1@    fi
     if [ ! -f $HOST_KEY_DSA ]; then
        ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
     fi
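Review bot: The three RSA1 lines in `checkkeys` now start with a configure-time marker, and nothing in the template explains it, so the installed script shows unexplained `#no ssh1#` prefixes. Add a comment above the block such as `# RSA1 key generation below is commented out by configure unless SSH protocol 1 support is enabled.` Do not spell the marker itself in that comment, because configure would substitute it there too. This change only skips generation. Where an RSA1 host key already exists from an earlier install, the `[ ! -f $HOST_KEY_RSA1 ]` test leaves it on disk, so removing it is a separate step for the administrator. The body of `checkkeys` continues past the end of this hunk.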