Module Name: src
Committed By: martin
Date: Sun May 15 11:47:42 UTC 2022
Modified Files:
src/etc/rc.d: sshd
Log Message:
PR 56835: fix sshd startup script to only whine about bogus keys it
created if it actually did create keys (one should think that a
function called sshd_keygen() only is called to create keys, but
the "precmd" magic makes it run every time sshd is started or stopped).
Patch from Tom Lane, with modifications suggested by kre and a minor
additional cosmetic change.
To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/etc/rc.d/sshd
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/etc/rc.d/sshd
diff -u src/etc/rc.d/sshd:1.31 src/etc/rc.d/sshd:1.32
--- src/etc/rc.d/sshd:1.31 Sun Sep 26 10:53:20 2021
+++ src/etc/rc.d/sshd Sun May 15 11:47:42 2022
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: sshd,v 1.31 2021/09/26 10:53:20 martin Exp $
+# $NetBSD: sshd,v 1.32 2022/05/15 11:47:42 martin Exp $
#
# PROVIDE: sshd
@@ -45,6 +45,7 @@ sshd_keygen()
(
keygen="/usr/bin/ssh-keygen"
umask 022
+ new_key_created=false
while read type bits filename; do
f="/etc/ssh/$filename"
if [ "$1" != "force" ] && [ -f "$f" ]; then
@@ -58,14 +59,17 @@ sshd_keygen()
esac
"${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' -q && \
printf "ssh-keygen: " && "${keygen}" -f "${f}" -l
+ new_key_created=true
done << _EOF
dsa 1024 ssh_host_dsa_key
ecdsa 521 ssh_host_ecdsa_key
ed25519 -1 ssh_host_ed25519_key
rsa 0 ssh_host_rsa_key
_EOF
+ if "${new_key_created}"; then
+ sshd_motd_unsafe_keys_warning
+ fi
)
- sshd_motd_unsafe_keys_warning
}
sshd_precmd()
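Review bot: `new_key_created=true` sits on its own line after the ssh-keygen call rather than inside the `&&` chain, so it is set even when key generation fails and no host key was written; sshd_motd_unsafe_keys_warning then still runs at the end of the subshell. Making the assignment conditional on the generation step keeps the warning tied to keys that were really created, e.g. `"${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' -q && new_key_created=true && \` followed by the existing printf / `-l` line. A short comment above the `if "${new_key_created}"` test, such as `# only warn when this run actually generated a host key`, would also help, because the flag's value is executed as a command (true/false) and that is easy to misread. The while loop and the `case` that sets bitarg begin outside this hunk, so whether a failed ssh-keygen is reported elsewhere cannot be seen from here.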