sshd: Warn about missing ssh-keygen only when necessary

The sshd service is using ssh-keygen to generate missing SSH keys.
If ssh-keygen is missing, it prints the following message:

> /etc/rc.d/sshd: WARNING: /usr/bin/ssh-keygen does not exist.

It makes sense when the key is not generated yet and
cannot be created because ssh-keygen is missing.

The problem is that even if the key is present on the host,
the sshd service would still warn about missing ssh-keygen
(even though it does not need it).

Reviewed by:	emaste
Approved by:	emaste (src)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D23911
This commit is contained in:
0mp 2020-04-15 14:07:33 +00:00
parent 9877ae06d7
commit e88843c7a5

View File

@ -45,18 +45,19 @@ sshd_keygen_alg()
;;
esac
if [ -f "${keyfile}" ] ; then
info "$ALG host key exists."
return 0
fi
if [ ! -x /usr/bin/ssh-keygen ] ; then
warn "/usr/bin/ssh-keygen does not exist."
return 1
fi
if [ -f "${keyfile}" ] ; then
info "$ALG host key exists."
else
echo "Generating $ALG host key."
/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N ""
/usr/bin/ssh-keygen -l -f "$keyfile.pub"
fi
echo "Generating $ALG host key."
/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N ""
/usr/bin/ssh-keygen -l -f "$keyfile.pub"
}
sshd_keygen()