| side by side (parent:
70c328f
)
Improve ssh keys security
author
Hugo Villeneuve
<hugo@hugovil.com>
Sat, 28 Feb 2015 23:22:43 +0000
(18:22 -0500)
committer
Hugo Villeneuve
<hugo@hugovil.com>
Sun, 1 Mar 2015 01:39:44 +0000
(20:39 -0500)
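--- a/stage3/bootscripts/sshd
+++ b/stage3/bootscripts/sshd
@@ -13,23 +13,21 @@ DAEMON="/usr/sbin/sshd"
 DAEMON_DESC="SSH server"
 DAEMON_OPTS="-4"
+KEYLEN_BITS=4096
+
 # Check if SSH server is desired
 if [ "x${SSH_SERVER_ENA}" != "xyes" -a "x${SSH_SERVER_ENA}" != "xYes" -a "x${SSH_SERVER_ENA}" != "xYES" ]; then
 exit ${EXIT_CODE_SUCCESS}
 fi
 gen_keys() {
- if [ ! -e /etc/ssh/ssh_host_key ] ; then
- echo "Generating Hostkey..."
- /usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
- fi
- if [ ! -e /etc/ssh/ssh_host_dsa_key ] ; then
- echo "Generating DSA-Hostkey..."
- /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
- fi
 if [ ! -e /etc/ssh/ssh_host_rsa_key ] ; then
- echo "Generating RSA-Hostkey..."
- /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+ echo "Generating RSA hostkey..."
+ /usr/bin/ssh-keygen -t rsa -b ${KEYLEN_BITS} -f /etc/ssh/ssh_host_rsa_key -N ''
+ fi
+ if [ ! -e /etc/ssh/ssh_host_ed25519_key ] ; then
+ echo "Generating Ed25519 hostkey..."
+ /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
 fi
 }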
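Review bot: In gen_keys the new code only stops generating the rsa1 and DSA host keys; a machine that already booted with the old script keeps /etc/ssh/ssh_host_key and /etc/ssh/ssh_host_dsa_key, and its existing /etc/ssh/ssh_host_rsa_key is not regenerated at ${KEYLEN_BITS} bits because the guard is only `[ ! -e ... ]`. Whether sshd still offers the old keys depends on the HostKey lines in sshd_config, which this hunk does not show, so that should be checked or the stale files removed as part of the upgrade. I would at least document this above the function, e.g. `# Existing host keys are never replaced; rotate old rsa1/DSA/short RSA keys by hand.` Separately, `-e` accepts an empty file left by an interrupted run, so `[ ! -s /etc/ssh/ssh_host_rsa_key ]` (and the same for the ed25519 key) would regenerate in that case.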