- key=ssh_dir+"/ssh_host_key"
- if not os.path.isfile (key):
- log.write("Creating host rsa1 key %s\n"%key)
- utils.sysexec( "ssh-keygen -t rsa1 -b 1024 -f %s -N ''" % key, log )
- key=ssh_dir+"/ssh_host_rsa_key"
- if not os.path.isfile (key):
- log.write("Creating host rsa key %s\n"%key)
- utils.sysexec( "ssh-keygen -t rsa -f %s -N ''" % key, log )
- key=ssh_dir+"/ssh_host_dsa_key"
- if not os.path.isfile (key):
- log.write("Creating host dsa key %s\n"%key)
- utils.sysexec( "ssh-keygen -d -f %s -N ''" % key, log )
+
+ # original code used to specify -b 1024 for the rsa1 key
+ # fedora23 seems to come with a release of openssh that lacks suppport
+ # for ssh1, and thus rsa1 keys; so we consider that failing to produce
+ # the rsa1 key is not a showstopper
+ key_specs = [
+ ("/etc/ssh/ssh_host_key", 'rsa1', "SSH1 RSA", False),
+ ("/etc/ssh/ssh_host_rsa_key", 'rsa', "SSH2 RSA", True),
+ ("/etc/ssh/ssh_host_dsa_key", 'dsa', "SSH2 DSA", True),
+ ]
+
+ for key_file, key_type, label, mandatory in key_specs:
+ if not os.path.exists(key_file):
+ log.write("Creating {} host key {}\n".format(label, key_file))
+ if mandatory:
+ run = utils.sysexec
+ else:
+ run = utils.sysexec_noerr
+ run("{} -q -t {} -f {} -C '' -N ''"\
+ .format(key_gen_prog, key_type, key_file), log)
+ run("chmod 600 {}".format(key_file), log)
+ run("chmod 644 {}.pub".format(key_file), log)