From 35cb43f788539c3bbdc2f68066a256cdc2552222 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Elan=20Ruusam=C3=A4e?= Date: Sun, 1 Mar 2015 15:05:12 +0200 Subject: [PATCH] simplify ssh key gen, reuse code --- openssh.spec | 11 ++++++----- opensshd.init | 27 +-------------------------- sshd-keygen | 42 ++++++++++++++++-------------------------- 3 files changed, 23 insertions(+), 57 deletions(-) diff --git a/openssh.spec b/openssh.spec index 6970a97..315173f 100644 --- a/openssh.spec +++ b/openssh.spec @@ -634,16 +634,17 @@ install -p sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d -ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh +ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir} cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir} cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf -%{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' %{SOURCE9} >$RPM_BUILD_ROOT%{systemdunitdir}/sshd.service -cp -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen +cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir} +install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen -cp -p %{SOURCE11} $RPM_BUILD_ROOT%{systemdunitdir} -cp -p %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir} +%{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \ + $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service + $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen %if %{with gnome} install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass diff --git a/opensshd.init b/opensshd.init index a00a9da..f78007e 100755 --- a/opensshd.init +++ b/opensshd.init 
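Review bot: The added `%{__sed}` call in the openssh.spec hunk has no `-i`, and its `sshd.service` line has no trailing `\`, at least as the patch is shown here. In that form sed would write the substituted unit file to stdout rather than edit it, and `$RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen` would be executed as a command of its own during `%install`. The installed files would then keep the literal `@@LIBEXECDIR@@` placeholder, so anything relying on it to find the host-key generator would fail at service start. If in-place substitution is intended, use `%{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \` and end the `sshd.service` line with ` \`. The `%install` section continues outside the hunk, and whitespace on this page is collapsed, so confirm against the original patch.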
@@ -46,32 +46,7 @@ checkconfig() { } ssh_gen_keys() { - # generate new keys with empty passwords if they do not exist - if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then - /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2 - chmod 600 /etc/ssh/ssh_host_key - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key - fi - if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then - /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2 - chmod 600 /etc/ssh/ssh_host_rsa_key - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key - fi - if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then - /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2 - chmod 600 /etc/ssh/ssh_host_dsa_key - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key - fi - if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then - /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2 - chmod 600 /etc/ssh/ssh_host_ecdsa_key - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key - fi # ecdsa - if [ ! -f /etc/ssh/ssh_host_ed25519_key -o ! -s /etc/ssh/ssh_host_ed25519_key ]; then - /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >&2 - chmod 600 /etc/ssh/ssh_host_ed25519_key - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ed25519_key - fi # ed25519 + @@LIBEXECDIR@@/sshd-keygen } start() { diff --git a/sshd-keygen b/sshd-keygen index 1f2b320..c6205e6 100644 --- a/sshd-keygen +++ b/sshd-keygen 
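Review bot: `ssh_gen_keys()` now runs `@@LIBEXECDIR@@/sshd-keygen`, but the sed file list in the openssh.spec hunk names only `sshd.service` and `sshd-keygen`, not the init script installed to `$RPM_BUILD_ROOT/etc/rc.d/init.d/sshd`. Unless the placeholder is replaced somewhere outside this diff, the init script would call a path that does not exist and no host keys would be generated on first start. Add `$RPM_BUILD_ROOT/etc/rc.d/init.d/sshd` to the files that sed rewrites. A short comment above the call, such as `# host keys are created by the shared helper; path substituted at build time`, would also explain the placeholder to readers of the init script.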
@@ -3,30 +3,20 @@ # Get service config [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd +# generate new key with empty password if it does not exist +ssh_gen_key() { + local type="$1" keyfile="$2" + + test -s $keyfile && return + + /usr/bin/ssh-keygen -t $type -f $keyfile -N '' >&2 + chmod 600 $keyfile + [ -x /sbin/restorecon ] && /sbin/restorecon $keyfile +} + # generate new keys with empty passwords if they do not exist -if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then - /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2 - chmod 600 /etc/ssh/ssh_host_key - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key -fi -if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then - /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2 - chmod 600 /etc/ssh/ssh_host_rsa_key - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key -fi -if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then - /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2 - chmod 600 /etc/ssh/ssh_host_dsa_key - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key -fi -if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then - /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2 - chmod 600 /etc/ssh/ssh_host_ecdsa_key - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key -fi # ecdsa -if [ ! -f /etc/ssh/ssh_host_ed25519_key -o ! 
-s /etc/ssh/ssh_host_ed25519_key ]; then - /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >&2 - chmod 600 /etc/ssh/ssh_host_ed25519_key - [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ed25519_key -fi # ed25519 -exit 0 +ssh_gen_key rsa1 /etc/ssh/ssh_host_key +ssh_gen_key rsa /etc/ssh/ssh_host_rsa_key +ssh_gen_key dsa /etc/ssh/ssh_host_dsa_key +ssh_gen_key ecdsa /etc/ssh/ssh_host_ecdsa_key +ssh_gen_key ed25519 /etc/ssh/ssh_host_ed25519_key -- 2.44.0
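Review bot: Dropping `exit 0` makes the script's exit status that of the last `ssh_gen_key` call, whose final command is `[ -x /sbin/restorecon ] && /sbin/restorecon $keyfile`. On a host without `/sbin/restorecon`, a run that has just created the ed25519 key therefore exits 1, which a caller that checks the status (the init script, or a unit pre-start step if one uses it) would read as failure. Writing the last step as `if [ -x /sbin/restorecon ]; then /sbin/restorecon "$keyfile"; fi` avoids that. Separately, a failed `ssh-keygen` is not noticed, so `/usr/bin/ssh-keygen -t "$type" -f "$keyfile" -N '' >&2 || return 1` would report it before `chmod` runs. The expansions of `$type` and `$keyfile` should be quoted throughout the function. `local` is not POSIX sh; the shebang is outside the hunk, so check which interpreter runs this script.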