Date:      26 Feb 2000 10:39:01 +0100
From:      Bjoern Groenvall <bg@sics.se>
To:        Kris Kennaway <kris@FreeBSD.ORG>, jkh@zippy.cdrom.com
Cc:        current@FreeBSD.ORG, markm@FreeBSD.ORG
Subject:   Re: OpenSSH /etc patch
Message-ID:  <wuvh3cz4ju.fsf@bg.sics.se>
In-Reply-To: Kris Kennaway's message of Fri, 25 Feb 2000 23:31:56 -0800 (PST)
References:  <Pine.BSF.4.21.0002252328510.71366-100000@freefall.freebsd.org>

Kris Kennaway <kris@FreeBSD.ORG> writes:

> Does this patch fix the problems people are seeing? It also generates the
> hostkey if it doesn't exist.
> 
> Oops, the NO_DESCRYPT line in the /etc/defaults/make.conf patch shouldn't
> be committed yet..I'm still testing that one.
> +# Generate SSH host key, if it doesnt exist. Both sshd and ssh need it
> +# so we do it unconditionally on sshd_enable.
> +#
> +if [ ! -f /etc/ssh/ssh_host_key -a -x /usr/bin/ssh-keygen ]; then
> +	echo 'generating an SSH host key:'
> +	/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
> +	echo ' done.'
> +fi
> +
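
Review bot: the exit status of `/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key` is not checked inside the `if` body, so `echo ' done.'` runs even when key generation fails; branch on the command's result and print a failure message in that case. The `-x /usr/bin/ssh-keygen` half of the test also makes the block skip silently when the binary is missing or not executable, so a warning in an `else` branch would help. The comment says the key is generated "unconditionally on sshd_enable", but no sshd_enable test is visible in this hunk; if the block is not already inside one, either add it or reword the comment to say what actually gates the key generation.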

Be careful to only run ssh-keygen if you are confident that the kernel
random number-generator has acquired enough entropy, otherwise you'll
leave the door open for guessing secret keys!

Jordan K. Hubbard <jkh@zippy.cdrom.com> writes:

> > +# Generate SSH host key, if it doesnt exist. Both sshd and ssh need it
> > +# so we do it unconditionally on sshd_enable.
> 
> Are you sure ssh requires a host key?  I could have sworn this was
> entirely related to sshd and could thus be lumped into the same
> "if sshd_enable=YES" clause.

Jordan is right about this, sshd requires the private key but ssh
can't even read the key from the file.

Cheers,
Björn

  _     _                                               ,_______________.  
Bjorn Gronvall (Björn Grönvall)                        /_______________/|     
Swedish Institute of Computer Science                  |               ||
PO Box 1263, S-164 29 Kista, Sweden                    | Schroedingers ||
Email: bg@sics.se, Phone +46 -8 633 15 25              |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30       `---------------' 

