simplify ssh key gen, reuse code

diff --git a/openssh.spec b/openssh.spec
index 6970a97759ee4104ed9ff475198fa0e5bb492405..315173f885e0366bd2246de910aa39d785191140 100644 (file)
--- a/openssh.spec
+++ b/openssh.spec
@@ -634,16 +634,17 @@ install -p sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
 cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
-ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
+ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
 cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf
 
-%{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' %{SOURCE9} >$RPM_BUILD_ROOT%{systemdunitdir}/sshd.service
-cp -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
+cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
+install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
 
-cp -p %{SOURCE11} $RPM_BUILD_ROOT%{systemdunitdir}
-cp -p %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
+%{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
+       $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service
+       $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
 
 %if %{with gnome}
 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass

diff --git a/opensshd.init b/opensshd.init
index a00a9dad600e334dfac703197d0b47a306732402..f78007ea96c8d3fdd3c35bbb30f7033d6bc63f9d 100755 (executable)
--- a/opensshd.init
+++ b/opensshd.init
@@ -46,32 +46,7 @@ checkconfig() {
 }
 
 ssh_gen_keys() {
-       # generate new keys with empty passwords if they do not exist
-       if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
-               /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
-               chmod 600 /etc/ssh/ssh_host_key
-               [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
-       fi
-       if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
-               /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
-               chmod 600 /etc/ssh/ssh_host_rsa_key
-               [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
-       fi
-       if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
-               /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
-               chmod 600 /etc/ssh/ssh_host_dsa_key
-               [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
-       fi
-       if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
-               /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
-               chmod 600 /etc/ssh/ssh_host_ecdsa_key
-               [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
-       fi # ecdsa
-       if [ ! -f /etc/ssh/ssh_host_ed25519_key -o ! -s /etc/ssh/ssh_host_ed25519_key ]; then
-               /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >&2
-               chmod 600 /etc/ssh/ssh_host_ed25519_key
-               [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ed25519_key
-       fi # ed25519
+       @@LIBEXECDIR@@/sshd-keygen
 }
 
 start() {

diff --git a/sshd-keygen b/sshd-keygen
index 1f2b320710d7b48238878e0aa7c7044ca983468f..c6205e602c5e180b39a5ae4f5403bfbae3afd41a 100644 (file)
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -3,30 +3,20 @@
 # Get service config
 [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
 
+# generate new key with empty password if it does not exist
+ssh_gen_key() {
+       local type="$1" keyfile="$2"
+
+       test -s $keyfile && return
+
+       /usr/bin/ssh-keygen -t $type -f $keyfile -N '' >&2
+       chmod 600 $keyfile
+       [ -x /sbin/restorecon ] && /sbin/restorecon $keyfile
+}
+
 # generate new keys with empty passwords if they do not exist
-if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
-       /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
-       chmod 600 /etc/ssh/ssh_host_key
-       [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
-fi
-if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
-       /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
-       chmod 600 /etc/ssh/ssh_host_rsa_key
-       [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
-fi
-if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
-       /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
-       chmod 600 /etc/ssh/ssh_host_dsa_key
-       [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
-fi
-if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
-       /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
-       chmod 600 /etc/ssh/ssh_host_ecdsa_key
-       [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
-fi # ecdsa
-if [ ! -f /etc/ssh/ssh_host_ed25519_key -o ! -s /etc/ssh/ssh_host_ed25519_key ]; then
-       /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >&2
-       chmod 600 /etc/ssh/ssh_host_ed25519_key
-       [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ed25519_key
-fi # ed25519
-exit 0
+ssh_gen_key rsa1 /etc/ssh/ssh_host_key
+ssh_gen_key rsa /etc/ssh/ssh_host_rsa_key
+ssh_gen_key dsa /etc/ssh/ssh_host_dsa_key
+ssh_gen_key ecdsa /etc/ssh/ssh_host_ecdsa_key
+ssh_gen_key ed25519 /etc/ssh/ssh_host_ed25519_key