Univention Bugzilla – Attachment 7024 Details for Bug 38710: univention-openssh-recreate-host-keys doesn't recreate RSA1 keys
Recreates also RSAv1 if present, considers sshd/hostkeys/bits
univention-openssh-recreate-host-keys (text/x-shellscript), 2.63 KB, created by Michael Grandjean on 2015-07-13 23:21:40 CEST
>#!/bin/sh -e
>#
># Univention SSH
>#  Create new OpenSSH hosts keys
>#
># Copyright 2004-2015 Univention GmbH
>#
># http://www.univention.de/
>#
># All rights reserved.
>#
># The source code of this program is made available
># under the terms of the GNU Affero General Public License version 3
># (GNU AGPL V3) as published by the Free Software Foundation.
>#
># Binary versions of this program provided by Univention to you as
># well as other copyrighted, protected or trademarked materials like
># Logos, graphics, fonts, specific documentations and configurations,
># cryptographic keys etc. are subject to a license agreement between
># you and Univention and not subject to the GNU AGPL V3.
>#
># In the case you use this program under the terms of the GNU AGPL V3,
># the program is provided in the hope that it will be useful,
># but WITHOUT ANY WARRANTY; without even the implied warranty of
># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
># GNU Affero General Public License for more details.
>#
># You should have received a copy of the GNU Affero General Public
># License with the Debian GNU/Linux or Univention distribution in file
># /usr/share/common-licenses/AGPL-3; if not, see
># <http://www.gnu.org/licenses/>.
>
>eval "$(ucr shell sshd/hostkeys/bits)"
>
>if [ -n "${sshd_hostkeys_bits}" ]; then
>    bits="${sshd_hostkeys_bits}"
>else
>    bits=2048
>fi
>
>
># Check for deprecated RSA1 key used for SSHv1
>if [ -f /etc/ssh/ssh_host_key ]; then
>    echo "WARNING: Deprecated RSA1 key found: /etc/ssh/ssh_host_key"
>    echo "You should consider deleting this key due to security concerns."
>
>    echo "Storing backup copy of /etc/ssh/ssh_host_key"
>    mv /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.backup-copy
>
>    echo "Recreating deprecated RSA1 host key"
>    ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1
>    echo ""
>fi
>
># Check for deprecated DSA key
>if [ -f /etc/ssh/ssh_host_dsa_key ]; then
>    echo "WARNING: Deprecated DSA key found: /etc/ssh/ssh_host_dsa_key"
>    echo "You should consider deleting this key due to security concerns."
>
>    echo "Storing backup copy of /etc/ssh/ssh_host_dsa_key"
>    mv /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.backup-copy
>
>    echo "Recreating deprecated DSA host key"
>    ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
>    echo ""
>fi
>
># Check for RSA key
>if [ -f /etc/ssh/ssh_host_rsa_key ]; then
>    echo "Storing backup copy of /etc/ssh/ssh_host_rsa_key"
>    mv /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.backup-copy
>
>    echo "Recreating RSA host key"
>    ssh-keygen -q -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b "${bits}"
>    echo ""
>else
>    echo "No default RSA host key found. Creating a new one."
>    ssh-keygen -q -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b "${bits}"
>fi