Source-Changes-HG archive


[src/netbsd-6]: src/etc/rc.d Pull up following revision(s) (requested by mrg ...



details:   https://anonhg.NetBSD.org/src/rev/c88339ca7233
branches:  netbsd-6
changeset: 777206:c88339ca7233
user:      snj <snj%NetBSD.org@localhost>
date:      Tue Aug 15 05:35:01 2017 +0000

description:
Pull up following revision(s) (requested by mrg in ticket #1468):
        etc/rc.d/sshd: revision 1.22-1.23
PR/47540: Felix Deichmann: DSA keys can only be 1024 bits.
--
Add new keytype, replace duplicated code with loop

diffstat:

 etc/rc.d/sshd |  64 +++++++++++++++++++++++-----------------------------------
 1 files changed, 26 insertions(+), 38 deletions(-)

diffs (88 lines):

diff -r 08492db3d209 -r c88339ca7233 etc/rc.d/sshd
--- a/etc/rc.d/sshd     Tue Aug 15 05:27:20 2017 +0000
+++ b/etc/rc.d/sshd     Tue Aug 15 05:35:01 2017 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: sshd,v 1.21 2011/07/25 03:04:23 christos Exp $
+# $NetBSD: sshd,v 1.21.4.1 2017/08/15 05:35:01 snj Exp $
 #
 
 # PROVIDE: sshd
@@ -17,44 +17,31 @@
 
 sshd_keygen()
 {
-       (
+(
+       keygen="/usr/bin/ssh-keygen"
        umask 022
-       if [ -f /etc/ssh/ssh_host_key ]; then
-               echo "You already have an RSA host key" \
-                   "in /etc/ssh/ssh_host_key"
-               echo "Skipping protocol version 1 RSA Key Generation"
-       else
-               /usr/bin/ssh-keygen -t rsa1 ${ssh_keygen_flags} \
-                   -f /etc/ssh/ssh_host_key -N ''
-       fi
-
-       if [ -f /etc/ssh/ssh_host_dsa_key ]; then
-               echo "You already have a DSA host key" \
-                   "in /etc/ssh/ssh_host_dsa_key"
-               echo "Skipping protocol version 2 DSA Key Generation"
-       else
-               /usr/bin/ssh-keygen -t dsa ${ssh_keygen_flags} \
-                   -f /etc/ssh/ssh_host_dsa_key -N ''
-       fi
-
-       if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
-               echo "You already have a ECDSA host key" \
-                   "in /etc/ssh/ssh_host_ecdsa_key"
-               echo "Skipping protocol version 1 ECDSA Key Generation"
-       else
-               /usr/bin/ssh-keygen -t ecdsa -b 521 \
-                   -f /etc/ssh/ssh_host_ecdsa_key -N ''
-       fi
-
-       if [ -f /etc/ssh/ssh_host_rsa_key ]; then
-               echo "You already have a RSA host key" \
-                   "in /etc/ssh/ssh_host_rsa_key"
-               echo "Skipping protocol version 2 RSA Key Generation"
-       else
-               /usr/bin/ssh-keygen -t rsa ${ssh_keygen_flags} \
-                   -f /etc/ssh/ssh_host_rsa_key -N ''
-       fi
-       )
+       while read type bits filename version name;  do
+               f="/etc/ssh/$filename"
+               if [ -f "$f" ]; then
+                       echo "You already have an $name host key in $f"
+                       echo "Skipping protocol version $version $name" \
+                           "Key Generation"
+               else
+                       case "${bits}" in
+                       -1)     bitarg=;;
+                       0)      bitarg="${ssh_keygen_flags}";;
+                       *)      bitarg="-b ${bits}";;
+                       esac
+                       "${keygen}" -t "${type}" ${bitarg} -f "${f}" -N ''
+               fi
+       done << _EOF
+rsa1   0       ssh_host_key            1       RSA
+dsa    1024    ssh_host_dsa_key        2       DSA
+ecdsa  521     ssh_host_ecdsa_key      1       ECDSA
+ed25519        -1      ssh_host_ed25519_key    1       ED25519
+rsa    0       ssh_host_rsa_key        2       RSA
+_EOF
+)
 }
 
 sshd_precmd()
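Review bot: The new table in sshd_keygen gives protocol version 1 for the `ecdsa` and `ed25519` rows, so an existing key prints "Skipping protocol version 1 ED25519 Key Generation" although both are SSH protocol 2 host key types. The ECDSA label is carried over from the removed code, and the new ED25519 row repeats it. Only the version column needs to change, to `ecdsa 521 ssh_host_ecdsa_key 2 ECDSA` and `ed25519 -1 ssh_host_ed25519_key 2 ED25519`. Separately, `${ssh_keygen_flags}` is now expanded only for rows whose bits field is 0, so any non-size option an administrator set there no longer reaches DSA generation as it did before. A comment above the table such as `# columns: type bits(-1 none, 0 use ssh_keygen_flags) file protocol name` would make that explicit.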
@@ -62,6 +49,7 @@
        if [ ! -f /etc/ssh/ssh_host_key -o \
            ! -f /etc/ssh/ssh_host_dsa_key -o \
            ! -f /etc/ssh/ssh_host_ecdsa_key -o \
+           ! -f /etc/ssh/ssh_host_ed25519_key -o \
            ! -f /etc/ssh/ssh_host_rsa_key ]; then
                run_rc_command keygen
        fi
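Review bot: The list of host key files tested here now duplicates the table that sshd_keygen reads, so adding or retiring a key type means editing two places that can drift apart. If they drift, a key missing from this test is never generated on start, and one missing from the table triggers `run_rc_command keygen` on every start without ever being created. At minimum I would add a comment above the test, `# keep in sync with the key table in sshd_keygen`. The result of the keygen run is not checked in the visible lines, so a type the installed ssh-keygen cannot produce would presumably repeat the attempt at each start. sshd_precmd begins in the previous hunk and its end lies outside this one.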


