sshd: move SSH host keys back to /etc/ssh. #17

Open
@PiotrSikora

I can only assume that the original reason for putting SSH host keys
in /var/ssh was transient state of /etc/ssh. Luckily for us, starting
with SmartOS-20110926, /etc/ssh is persistent, so we can bring keys
back to where they belong.

@PiotrSikora PiotrSikora sshd: move SSH host keys back to /etc/ssh.
I can only assume that the original reason for putting SSH host keys
in /var/ssh was transient state of /etc/ssh. Luckily for us, starting
with SmartOS-20110926, /etc/ssh is persistent, so we can bring keys
back to where they belong.

Change-Id: I02cd52cb5bfd102d2ee88ab567c2a2a32a01b5f7
Signed-off-by: Piotr Sikora <piotr.sikora@frickle.com>
46d53e3
@PiotrSikora

Rebased.

@richlowe richlowe referenced this pull request from a commit in richlowe/smartos-live
@trentm trentm OS-544: upgrade json to 1.3.4 (the latest) mainly for issue #17 fix (…
…stdout flushing)
99597d7
Commits on Dec 15, 2011
  1. @PiotrSikora

    sshd: move SSH host keys back to /etc/ssh.

    PiotrSikora authored
4 overlay/generic/etc/ssh/sshd_config
@@ -81,8 +81,8 @@ LogLevel info
# Host private key files
# Must be on a local disk and readable only by the root user (root:sys 600).
-HostKey /var/ssh/ssh_host_rsa_key
-HostKey /var/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
# Length of the server key
# Default 768, Minimum 512
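Review bot: The two `HostKey` lines now point at /etc/ssh, but nothing in this patch moves or copies keys that already exist under /var/ssh. A host upgraded with this config would either start with freshly generated keys or find none at the new path, and clients that pinned the old key would then get a host-key-changed warning, which trains users to dismiss the very alert that signals a man-in-the-middle. Suggest a one-time migration (copy /var/ssh/ssh_host_*_key and the matching .pub files to /etc/ssh, keeping the root:sys 600 permissions the comment above requires), or an explicit statement in the commit message that key rotation on upgrade is intended.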
117 overlay/generic/lib/svc/method/sshd
@@ -1,117 +0,0 @@
-#!/sbin/sh
-#
-# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-
-. /lib/svc/share/ipf_include.sh
-. /lib/svc/share/smf_include.sh
-
-SSHDIR=/etc/ssh
-SSHKEYDIR=/var/ssh
-KEYGEN="/usr/bin/ssh-keygen -q"
-PIDFILE=/var/run/sshd.pid
-
-# Checks to see if RSA, and DSA host keys are available
-# if any of these keys are not present, the respective keys are created.
-create_key()
-{
- keypath=$1
- keytype=$2
-
- if [ ! -f $keypath ]; then
- #
- # HostKey keywords in sshd_config may be preceded or
- # followed by a mix of any number of space or tabs,
- # and optionally have an = between keyword and
- # argument. We use two grep invocations such that we
- # can match HostKey case insensitively but still have
- # the case of the path name be significant, keeping
- # the pattern somewhat more readable.
- #
- # The character classes below contain one literal
- # space and one literal tab.
- #
- grep -i "^[ ]*HostKey[ ]*=\{0,1\}[ ]*$keypath" \
- $SSHDIR/sshd_config | grep "$keypath" > /dev/null 2>&1
-
- if [ $? -eq 0 ]; then
- echo Creating new $keytype public/private host key pair
- $KEYGEN -f $keypath -t $keytype -N ''
- if [ $? -ne 0 ]; then
- echo "Could not create $keytype key: $keypath"
- exit $SMF_EXIT_ERR_CONFIG
- fi
- fi
- fi
-}
-
-create_ipf_rules()
-{
- FMRI=$1
- ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
- policy=`get_policy ${FMRI}`
-
- #
- # Get port from /etc/ssh/sshd_config
- #
- tports=`grep "^Port" /etc/ssh/sshd_config 2>/dev/null | \
- awk '{print $2}'`
-
- echo "# $FMRI" >$ipf_file
- for port in $tports; do
- generate_rules $FMRI $policy "tcp" "any" $port $ipf_file
- done
-}
-
-# This script is being used for two purposes: as part of an SMF
-# start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
-# application.
-#
-# Both, the SMF methods and sysidconfig/sys-unconfig use different
-# arguments..
-
-case $1 in
- # sysidconfig/sys-unconfig arguments (-c and -u)
-'-c')
- create_key $SSHDIR/ssh_host_rsa_key rsa
- create_key $SSHDIR/ssh_host_dsa_key dsa
- ;;
-
-'-u')
- # sys-unconfig(1M) knows how to remove ssh host keys, so there's
- # nothing to do here.
- :
- ;;
-
- # SMF arguments (start and restart [really "refresh"])
-
-'ipfilter')
- create_ipf_rules $2
- ;;
-
-'start')
- #
- # If host keys don't exist when the service is started, create
- # them; sysidconfig is not run in every situation (such as on
- # the install media).
- #
- create_key $SSHKEYDIR/ssh_host_rsa_key rsa
- create_key $SSHKEYDIR/ssh_host_dsa_key dsa
-
- /usr/lib/ssh/sshd
- ;;
-
-'restart')
- if [ -f "$PIDFILE" ]; then
- /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
- fi
- ;;
-
-*)
- echo "Usage: $0 { start | restart }"
- exit 1
- ;;
-esac
-
-exit $?
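Review bot: Deleting this method script removes the `start` branch that called `create_key $SSHKEYDIR/ssh_host_rsa_key rsa` and its DSA counterpart before launching sshd, and the commit message does not say which script takes over. The removed comment notes that sysidconfig is not run in every situation, so please confirm, and record in the commit message, that the method script used after this change still generates missing host keys at start, does so at the /etc/ssh paths now set in sshd_config, and still handles the `ipfilter` argument; otherwise a first boot without keys can leave sshd unable to start. It is also worth recording that the deleted script was already inconsistent: the `-c` branch created keys under `$SSHDIR` while `start` used `$SSHKEYDIR`.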
1  overlay/generic/manifest
@@ -76,7 +76,6 @@ f lib/sdc/network.sh 0444 root bin
f lib/sdc/zone.sh 0444 root bin
d lib/svc 0755 root bin
f lib/svc/method/ipfilter 0555 root sys
-f lib/svc/method/sshd 0555 root bin
f lib/svc/method/fs-usr 0555 root bin
f lib/svc/method/identity-node 0555 root bin
f lib/svc/method/manifest-import 0555 root bin
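Review bot: With the `f lib/svc/method/sshd 0555 root bin` entry dropped, the overlay no longer delivers a method script for sshd, and nothing visible here shows where that file comes from instead. Please confirm that the built image still ships /lib/svc/method/sshd with the same mode and ownership from another manifest, and name that source in the commit message so the removal is not read as dropping the service's start method.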