From 92edacd90a899e11a926b93c3d21c1647a1499b2 Mon Sep 17 00:00:00 2001
From: Qi Luo
Date: Fri, 29 Mar 2019 01:03:47 +0000
Subject: [PATCH] Do not generate ssh server keys for non RSA protocols
Signed-off-by: Qi Luo
---
 files/sshd/host-ssh-keygen.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/files/sshd/host-ssh-keygen.sh b/files/sshd/host-ssh-keygen.sh
index ade24e6383de..d4ea5bd431c1 100755
--- a/files/sshd/host-ssh-keygen.sh
+++ b/files/sshd/host-ssh-keygen.sh
@@ -1,10 +1,8 @@
 #!/bin/bash
+set -e
+
 [ -r /etc/ssh/ssh_host_rsa_key ] || {
 rm -f /etc/ssh/ssh_host_*_key*
 /usr/bin/ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
- /usr/bin/ssh-keygen -t dsa -N '' -f /etc/ssh/ssh_host_dsa_key
- /usr/bin/ssh-keygen -t rsa1 -N '' -f /etc/ssh/ssh_host_key
- /usr/bin/ssh-keygen -t ecdsa -N '' -f /etc/ssh/ssh_host_ecdsa_key
- /usr/bin/ssh-keygen -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key
 }
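Review bot: The regeneration branch still runs `rm -f /etc/ssh/ssh_host_*_key*`, which removes any existing ECDSA and Ed25519 host keys, yet only the RSA key is recreated afterwards, so a device whose RSA key is missing or unreadable ends up with a different and smaller host-key set than clients may have recorded. Dropping the `dsa` and `rsa1` lines is sound, but the commit message does not say why `ed25519` goes too; unless there is a platform reason, I would keep `/usr/bin/ssh-keygen -t ed25519 -N '' -f /etc/ssh/ssh_host_ed25519_key`. The remaining RSA key is generated at whatever size the installed ssh-keygen defaults to, so an explicit size such as `-b 3072` on that line would make the result independent of the OpenSSH version. The glob also does not match the legacy `/etc/ssh/ssh_host_key` file that the removed `rsa1` line wrote, so a stale protocol-1 key from an earlier image would stay on disk; a comment above the block stating which key types are intentionally omitted would help the next reader. The added `set -e` does not interfere with the `[ -r … ] || { … }` guard, because a failing test on the left of `||` does not trigger an exit.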