author | Christian Poessinger <christian@poessinger.com> | 2021-01-17 13:45:03 +0100 |
committer | Christian Poessinger <christian@poessinger.com> | 2021-01-17 13:45:24 +0100 |
commit | 70ae542e3ead29869576788377a3fc8d2a0cc473 (patch) | |
tree | 64fde3cd96d01b3eaff320e1c578d9c5bbcbf8e5 | |
parent | 82ad19cc868fbdbcd212dd47ee8148333db1d4a0 (diff) | |
ssh: T671: generate rsa, dsa and ed25519 keys on demand
-rwxr-xr-x | smoketest/scripts/cli/test_service_ssh.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/ssh.py | 20 |
2 files changed, 27 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py
index 1e099b0a5..68081e56f 100755
--- a/smoketest/scripts/cli/test_service_ssh.py
+++ b/smoketest/scripts/cli/test_service_ssh.py
@@ -29,6 +29,10 @@ SSHD_CONF = '/run/sshd/sshd_config'
 base_path = ['service', 'ssh']
 vrf = 'mgmt'
+key_rsa = '/etc/ssh/ssh_host_rsa_key'
+key_dsa = '/etc/ssh/ssh_host_dsa_key'
+key_ed25519 = '/etc/ssh/ssh_host_ed25519_key'
+
 def get_config_value(key):
 tmp = read_file(SSHD_CONF)
 tmp = re.findall(f'\n?{key}\s+(.*)', tmp)
@@ -47,6 +51,10 @@ class TestServiceSSH(unittest.TestCase):
 self.session.commit()
 del self.session
+ self.assertTrue(os.path.isfile(key_rsa))
+ self.assertTrue(os.path.isfile(key_dsa))
+ self.assertTrue(os.path.isfile(key_ed25519))
+
 def test_ssh_default(self):
 # Check if SSH service runs with default settings - used for checking
 # behavior of <defaultValue> in XML definition
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index 8eeb0a7c1..67724b043 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2018-2020 VyOS maintainers and contributors
+# Copyright (C) 2018-2021 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -17,6 +17,8 @@ import os
 from sys import exit
+from syslog import syslog
+from syslog import LOG_INFO
 from vyos.config import Config
 from vyos.configdict import dict_merge
@@ -31,6 +33,10 @@ airbag.enable()
 config_file = r'/run/sshd/sshd_config'
 systemd_override = r'/etc/systemd/system/ssh.service.d/override.conf'
+key_rsa = '/etc/ssh/ssh_host_rsa_key'
+key_dsa = '/etc/ssh/ssh_host_dsa_key'
+key_ed25519 = '/etc/ssh/ssh_host_ed25519_key'
+
 def get_config(config=None):
 if config:
 conf = config
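Review bot: In the `@@ -31,6 +33,10 @@` hunk of src/conf_mode/ssh.py the three host-key paths are plain string literals while the adjacent `config_file` and `systemd_override` constants use `r''` raw strings, and the same three paths are then repeated verbatim in smoketest/scripts/cli/test_service_ssh.py, so a future path change has to be made in two places. Holding them in one mapping, e.g. `host_keys = {'rsa': '/etc/ssh/ssh_host_rsa_key', 'dsa': '/etc/ssh/ssh_host_dsa_key', 'ed25519': '/etc/ssh/ssh_host_ed25519_key'}`, would also let generate() iterate over key types instead of repeating the same isfile/syslog/call triplet per key. The two-line `from syslog import syslog` / `from syslog import LOG_INFO` in the `@@ -17,6 +17,8 @@` hunk is conventionally written as one statement, `from syslog import syslog, LOG_INFO`.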
@@ -66,6 +72,18 @@ def generate(ssh):
 return None
+ # This usually happens only once on a fresh system, SSH keys need to be
+ # freshly generted, one per every system!
+ if not os.path.isfile(key_rsa):
+ syslog(LOG_INFO, 'SSH RSA host key not found, generating new key!')
+ call(f'ssh-keygen -q -N "" -t rsa -f {key_rsa}')
+ if not os.path.isfile(key_dsa):
+ syslog(LOG_INFO, 'SSH DSA host key not found, generating new key!')
+ call(f'ssh-keygen -q -N "" -t dsa -f {key_dsa}')
+ if not os.path.isfile(key_ed25519):
+ syslog(LOG_INFO, 'SSH ed25519 host key not found, generating new key!')
+ call(f'ssh-keygen -q -N "" -t ed25519 -f {key_ed25519}')
+
 render(config_file, 'ssh/sshd_config.tmpl', ssh)
 render(systemd_override, 'ssh/override.conf.tmpl', ssh)
 # Reload systemd manager configuration |
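Review bot: The exit status of each `call(...)` to ssh-keygen in this hunk is discarded, so a failed key generation (binary missing, read-only /etc/ssh, insufficient privileges) is only noticed later when sshd cannot start without a host key; call() appears to hand back the process exit status, so it should be checked and logged at the point of failure. The DSA key is also of doubtful value: OpenSSH has not offered ssh-dss host keys by default since 7.0, so `key_dsa` is unlikely ever to be used by a client, yet it is still private key material that has to be protected on disk. The comment has a typo, `generted` should be `generated`, and generate() itself begins outside the hunk. The three isfile/syslog/call triplets can be collapsed into one loop that also checks the exit status, as below (LOG_ERR would need adding to the syslog import).
```python
    # This usually happens only once on a fresh system: host keys must be
    # generated per system, never shipped in an image.
    for key_type, key_file in (('rsa', key_rsa), ('dsa', key_dsa), ('ed25519', key_ed25519)):
        if os.path.isfile(key_file):
            continue
        syslog(LOG_INFO, f'SSH {key_type} host key not found, generating new key!')
        # NOTE(review): assumes call() returns the exit status of ssh-keygen -- confirm
        if call(f'ssh-keygen -q -N "" -t {key_type} -f {key_file}') != 0:
            syslog(LOG_ERR, f'Failed to generate SSH {key_type} host key {key_file}')
    # … unchanged: render() calls and systemd reload …
```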