- sshd_started= 0
- try:
- os.stat(sshd_started_flag)
- sshd_started= 1
- except OSError, e:
- pass
-
- if not sshd_started:
- # NOTE: these commands hang if ssh_host_*_key files exist, b/c
- # ssh-keygen asks for user input to confirm the overwrite.
- # could fix this with "echo 'y' | "
- log.write( "Creating ssh host keys\n" )
-
- utils.makedirs( ssh_dir )
- utils.sysexec( "ssh-keygen -t rsa1 -b 1024 -f %s/ssh_host_key -N ''" %
- ssh_dir, log )
- utils.sysexec( "ssh-keygen -t rsa -f %s/ssh_host_rsa_key -N ''" %
- ssh_dir, log )
- utils.sysexec( "ssh-keygen -d -f %s/ssh_host_dsa_key -N ''" %
- ssh_dir, log )
-
- if BOOT_CD_VERSION[0] >= 3:
- utils.sysexec( "cp -f %s/sshd_config_v3 %s/sshd_config" %
- (ssh_source_files,ssh_dir), log )
- else:
- utils.sysexec( "cp -f %s/sshd_config_v2 %s/sshd_config" %
- (ssh_source_files,ssh_dir), log )
- else:
- log.write( "ssh host keys already created\n" )
-
-
- # always update the key, may have change in this instance of the bootmanager
- log.write( "Installing debug ssh key for root user\n" )
+ # create host keys if needed
+ if not os.path.isdir (ssh_dir):
+ utils.makedirs (ssh_dir)
+
+ # original code used to specify -b 1024 for the rsa1 key
+ # fedora23 seems to come with a release of openssh that lacks suppport
+ # for ssh1, and thus rsa1 keys; so we consider that failing to produce
+ # the rsa1 key is not a showstopper
+ key_specs = [
+ ("/etc/ssh/ssh_host_key", 'rsa1', "SSH1 RSA", False),
+ ("/etc/ssh/ssh_host_rsa_key", 'rsa', "SSH2 RSA", True),
+ ("/etc/ssh/ssh_host_dsa_key", 'dsa', "SSH2 DSA", True),
+ ]
+
+ for key_file, key_type, label, mandatory in key_specs:
+ if not os.path.exists(key_file):
+ log.write("Creating {} host key {}\n".format(label, key_file))
+ if mandatory:
+ run = utils.sysexec
+ else:
+ run = utils.sysexec_noerr
+ run("{} -q -t {} -f {} -C '' -N ''"\
+ .format(key_gen_prog, key_type, key_file), log)
+ run("chmod 600 {}".format(key_file), log)
+ run("chmod 644 {}.pub".format(key_file), log)
+
+ # (over)write sshd config
+ utils.sysexec("cp -f {}/sshd_config {}/sshd_config".format(ssh_source_files, ssh_dir), log)