From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: [PATCH 1/5] sshd: Do not generate new RSA host key on first boot Date: Fri, 20 Sep 2024 14:20:18 +0000 Message-ID: <20240920142022.589371-1-peter.mueller@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1506796523227803563==" List-Id: --===============1506796523227803563== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This patch will also ensure the maximum supported key length is used for ECDSA. Existing installations will remain unaffected. Note that the key size for ED25519 is fixed, and explicitly setting it to 521 bytes will not have any impact. Signed-off-by: Peter M=C3=BCller --- src/initscripts/system/sshd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd index fa40bc11d..e5a9931af 100644 --- a/src/initscripts/system/sshd +++ b/src/initscripts/system/sshd @@ -2,7 +2,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2022 IPFire Team = # +# Copyright (C) 2007-2024 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -24,14 +24,14 @@ =20 case "$1" in start) - for algo in rsa ecdsa ed25519; do + for algo in ecdsa ed25519; do keyfile=3D"/etc/ssh/ssh_host_${algo}_key" =20 # If the key already exists, there is nothing to do. [ -e "${keyfile}" ] && continue =20 boot_mesg "Generating SSH key (${algo})..." - ssh-keygen -qf "${keyfile}" -N '' -t ${algo} + ssh-keygen -qf "${keyfile}" -N '' -b 521 -t ${algo} evaluate_retval done =20 --=20 2.39.5 --===============1506796523227803563==--
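Review bot: In the second hunk `-b 521` is passed unconditionally, so the loop also runs `ssh-keygen -qf "${keyfile}" -N '' -b 521 -t ed25519`, requesting a key size Ed25519 cannot honour; ssh-keygen documents that `-b` is ignored for Ed25519 (the size is in bits, not bytes, as the commit message says). Relying on a silently ignored option obscures the intent, so set the size only where it applies, for example `bits=""; [ "${algo}" = "ecdsa" ] && bits="-b 521"` inside the loop and then `ssh-keygen -qf "${keyfile}" -N '' ${bits} -t ${algo}`. For ECDSA, `-b 521` selects the NIST P-521 curve, the largest ssh-keygen offers, which matches the stated goal. Dropping `rsa` from the loop also means a fresh install will never have `/etc/ssh/ssh_host_rsa_key`; if `sshd_config` still lists that path as a `HostKey`, sshd will log a missing-host-key warning at every start, so the corresponding configuration change must land in the same series.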