#!/bin/sh
# /usr/sbin/sshd-keymanager.sh
# 
#  Copyright: ©2007–2015, Güralp Systems Ltd.
#  Author: Laurence Withers <lwithers@guralp.com>
#  License: GPLv3
#

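# Directory holding the sshd host key pairs managed by this script.
# NOTE(review): private host keys are written here with an empty passphrase,
# so this directory should be writable by root only; confirm on the target
# image.
SSH_CONF_DIR="/etc/ssh.local"

# Exactly one ACTION argument is required; any other argument count, or
# --help, prints the usage text and exits with status 1.
# Two separate tests joined with || replace the obsolescent "-o" operator,
# which test(1) can misparse when "$1" itself looks like an operator
# (for example "(" or "!").
if [ $# -ne 1 ] || [ "$1" = "--help" ]
then
	echo "Usage:"
	echo ""
	echo "  sshd-keymanager ACTION"
	echo ""
	echo "Valid actions are:"
	echo "  install        Installing any missing keys."
	echo "  regenerate     Remove existing keys and install new keys."
	echo "  regen_dsa      Regenerate v2 DSA key."
	echo "  regen_rsa      Regenerate v2 RSA key."
	echo "  regen_ecdsa    Regenerate ECDSA key."
	echo "  regen_ed25519  Regenerate ED25519 key."
	exit 1
fi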

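# Replace the SSH protocol 2 DSA host key pair under SSH_CONF_DIR.
# Globals:  SSH_CONF_DIR (read), KEY (written)
# Outputs:  progress line on stdout, failure line on stderr
# Returns:  0 on success, 1 if ssh-keygen fails
# NOTE(review): OpenSSH has disabled DSA (ssh-dss) keys by default since 7.0
# and recent releases drop DSA support, so this action may fail on newer
# systems; consider retiring the DSA host key.
regen_dsa() {
	echo " * Creating new v2 DSA key"
	KEY="${SSH_CONF_DIR}/ssh_host_dsa_key"
	# Remove both halves of the old pair. The private key must go because
	# ssh-keygen would otherwise prompt before overwriting it; the public key
	# goes too so that a failed generation cannot leave a stale .pub file
	# describing a private key that no longer exists.
	rm -f "${KEY}" "${KEY}.pub"
	# -N '' stores the host key without a passphrase; its confidentiality
	# then rests on the file permissions under SSH_CONF_DIR.
	if ! ssh-keygen -t dsa -f "${KEY}" -N ''
	then
		echo " ! Failed to create v2 DSA key" >&2
		return 1
	fi
}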

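# Replace the SSH protocol 2 RSA host key pair under SSH_CONF_DIR.
# Globals:  SSH_CONF_DIR (read), KEY (written)
# Outputs:  progress line on stdout, failure line on stderr
# Returns:  0 on success, 1 if ssh-keygen fails
# NOTE(review): no -b option is passed, so the modulus size is whatever the
# installed ssh-keygen defaults to; confirm that it meets current policy.
regen_rsa() {
	echo " * Creating new v2 RSA key"
	KEY="${SSH_CONF_DIR}/ssh_host_rsa_key"
	# Remove both halves of the old pair. The private key must go because
	# ssh-keygen would otherwise prompt before overwriting it; the public key
	# goes too so that a failed generation cannot leave a stale .pub file
	# describing a private key that no longer exists.
	rm -f "${KEY}" "${KEY}.pub"
	# -N '' stores the host key without a passphrase; its confidentiality
	# then rests on the file permissions under SSH_CONF_DIR.
	if ! ssh-keygen -t rsa -f "${KEY}" -N ''
	then
		echo " ! Failed to create v2 RSA key" >&2
		return 1
	fi
}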

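# Replace the ECDSA host key pair under SSH_CONF_DIR.
# Globals:  SSH_CONF_DIR (read), KEY (written)
# Outputs:  progress line on stdout, failure line on stderr
# Returns:  0 on success, 1 if ssh-keygen fails
# The curve size is not specified, so ssh-keygen's default applies.
regen_ecdsa() {
	echo " * Creating new ECDSA key"
	KEY="${SSH_CONF_DIR}/ssh_host_ecdsa_key"
	# Remove both halves of the old pair. The private key must go because
	# ssh-keygen would otherwise prompt before overwriting it; the public key
	# goes too so that a failed generation cannot leave a stale .pub file
	# describing a private key that no longer exists.
	rm -f "${KEY}" "${KEY}.pub"
	# -N '' stores the host key without a passphrase; its confidentiality
	# then rests on the file permissions under SSH_CONF_DIR.
	if ! ssh-keygen -t ecdsa -f "${KEY}" -N ''
	then
		echo " ! Failed to create ECDSA key" >&2
		return 1
	fi
}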

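# Replace the Ed25519 host key pair under SSH_CONF_DIR.
# Globals:  SSH_CONF_DIR (read), KEY (written)
# Outputs:  progress line on stdout, failure line on stderr
# Returns:  0 on success, 1 if ssh-keygen fails
regen_ed25519() {
	echo " * Creating new ED25519 key"
	KEY="${SSH_CONF_DIR}/ssh_host_ed25519_key"
	# Remove both halves of the old pair. The private key must go because
	# ssh-keygen would otherwise prompt before overwriting it; the public key
	# goes too so that a failed generation cannot leave a stale .pub file
	# describing a private key that no longer exists.
	rm -f "${KEY}" "${KEY}.pub"
	# -N '' stores the host key without a passphrase; its confidentiality
	# then rests on the file permissions under SSH_CONF_DIR.
	if ! ssh-keygen -t ed25519 -f "${KEY}" -N ''
	then
		echo " ! Failed to create ED25519 key" >&2
		return 1
	fi
}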

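# Dispatch on the single ACTION argument (validated above).
# The single-key actions exit with the status of their regen_* function.
case "$1" in
install)
	echo "Checking sshd keys..."
	# Only key types whose private key file is absent are generated.
	# This action is best-effort: every key type is attempted and the exit
	# status stays 0 as before, but a failed generation is now reported on
	# stderr instead of passing unnoticed.
	failed=0
	[ -e "${SSH_CONF_DIR}/ssh_host_dsa_key" ] || regen_dsa || failed=1
	[ -e "${SSH_CONF_DIR}/ssh_host_rsa_key" ] || regen_rsa || failed=1
	[ -e "${SSH_CONF_DIR}/ssh_host_ecdsa_key" ] || regen_ecdsa || failed=1
	[ -e "${SSH_CONF_DIR}/ssh_host_ed25519_key" ] || regen_ed25519 || failed=1
	if [ "${failed}" -ne 0 ]
	then
		echo " ! One or more host keys could not be generated" >&2
	fi
	echo " * Done"
	true
	;;

regenerate)
	echo "Regenerating sshd keys..."
	# Every key type is attempted even if an earlier one fails. The old key
	# of a failed type has already been removed by its regen_* function, so
	# a failure must not be reported as "Done": exit non-zero, matching what
	# the single-key actions below already do.
	failed=0
	regen_dsa || failed=1
	regen_rsa || failed=1
	regen_ecdsa || failed=1
	regen_ed25519 || failed=1
	if [ "${failed}" -ne 0 ]
	then
		echo " ! One or more host keys could not be regenerated" >&2
		exit 1
	fi
	echo " * Done"
	;;

regen_dsa)
	regen_dsa
	;;

regen_rsa)
	regen_rsa
	;;

regen_ecdsa)
	regen_ecdsa
	;;

regen_ed25519)
	regen_ed25519
	;;

*)
	echo "Unrecognised action '$1'"
	exit 1
	;;
esac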
