Date: Tue, 27 Nov 2001 08:00:03 -0800 (PST)
From: Makoto Matsushita <matusita@jp.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: conf/32288: After install: /etc/rc complains if crypto is not installed
Message-ID: <200111271600.fARG03543704@freefall.freebsd.org>
The following reply was made to PR conf/32288; it has been noted by GNATS.
From: Makoto Matsushita <matusita@jp.freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Dag-Erling Smorgrav <des@ofug.org>
Subject: Re: conf/32288: After install: /etc/rc complains if crypto is not installed
Date: Wed, 28 Nov 2001 00:57:36 +0900
des> In addition, rc.network should check for the existence and
des> executability of ssh-keygen, which should probably be
des> parametrized.
How about this patch? Logic is changed to:

    if ${sshd_enable} is YES
        if ${ssh_keygen_program} is not executable
            ssh_keygen_enable=NO
        if ${ssh_keygen_enable} is YES
            (create keys as before)

ssh_keygen_enable is set to "YES", and ssh_keygen_program is set to
"/usr/bin/ssh-keygen" to keep the behavior of current rc.network.
If a user doesn't install the 'crypto' distribution, /usr/bin/ssh-keygen
is not available, so ssh_keygen_enable turns to 'NO'.
BTW, I don't like this patch, the ssh-keygen line is too long...
-- -
Makoto `MAR' Matsushita
Index: rc.network
===================================================================
RCS file: /home/ncvs/src/etc/rc.network,v
retrieving revision 1.115
diff -u -r1.115 rc.network
--- rc.network 24 Nov 2001 23:41:32 -0000 1.115
+++ rc.network 27 Nov 2001 15:48:52 -0000
@@ -814,14 +814,21 @@
case ${sshd_enable} in
[Yy][Ee][Ss])
- if [ ! -f /etc/ssh/ssh_host_key ]; then
- echo ' creating ssh RSA host key';
- /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
- fi
- if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
- echo ' creating ssh DSA host key';
- /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
+ if [ ! -x ${ssh_keygen_program:-/usr/bin/ssh-keygen} ]; then
+ ssh_keygen_enable="NO"
fi
+ case ${ssh_keygen_enable} in
+ [Yy][Ee][Ss])
+ if [ ! -f /etc/ssh/ssh_host_key ]; then
+ echo ' creating ssh RSA host key';
+ ${ssh_keygen_program:-/usr/bin/ssh-keygen} -N "" -f /etc/ssh/ssh_host_key
+ fi
+ if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
+ echo ' creating ssh DSA host key';
+ ${ssh_keygen_program:-/usr/bin/ssh-keygen} -d -N "" -f /etc/ssh/ssh_host_dsa_key
+ fi
+ ;;
+ esac
;;
esac
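Review bot: In the new "[ ! -x ... ]" test, a missing or non-executable ssh-keygen sets ssh_keygen_enable="NO" and skips key creation without printing anything, so with sshd_enable set to YES the administrator gets no indication that no host keys were created. Suggest echoing a short notice in that branch. Separately, ${ssh_keygen_program:-/usr/bin/ssh-keygen} is expanded unquoted in three places; since defaults/rc.conf in this same patch already supplies the default, a quoted "${ssh_keygen_program}" would handle paths containing whitespace and would also shorten the long ssh-keygen lines.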
Index: defaults/rc.conf
===================================================================
RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.132
diff -u -r1.132 rc.conf
--- defaults/rc.conf 24 Nov 2001 16:12:03 -0000 1.132
+++ defaults/rc.conf 27 Nov 2001 15:48:53 -0000
@@ -153,6 +153,8 @@
sshd_enable="NO" # Enable sshd
sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
sshd_flags="" # Additional flags for sshd.
+ssh_keygen_enable="YES" # Create sshd host keys if not exist.
+ssh_keygen_program="/usr/bin/ssh-keygen" # Create sshd host keys if not exist.
### Network daemon (NFS) Need all portmap_enable="YES" ###
amd_enable="NO" # Run amd service with $amd_flags (or NO).
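Review bot: The comment on the added ssh_keygen_program line repeats the ssh_keygen_enable comment ("Create sshd host keys if not exist.") instead of describing the variable. Suggest following the sshd_program line just above it, for example "# path to ssh-keygen, if you want a different one.", and rewording the ssh_keygen_enable comment to "Create sshd host keys if they do not exist."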
