- (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]

   [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
   init scrips from imorgan AT nas.nasa.gov

5 files changed, 28 insertions, 100 deletions

diff --git a/ChangeLog b/ChangeLog
index 8b126932..7d323f69 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,9 @@
  - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
    change error by reporting old and new context names  Patch from
    jchadima at redhat.
+ - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
+   [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
+   init scrips from imorgan AT nas.nasa.gov
 
 20110807
  - (dtucker) OpenBSD CVS Sync
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 23657eac..2b927f17 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -84,24 +84,24 @@ Obsoletes: ssh
 %if %{build6x}
 PreReq: initscripts >= 5.00
 %else
-PreReq: initscripts >= 5.20
+Requires: initscripts >= 5.20
 %endif
-BuildPreReq: perl, openssl-devel, tcp_wrappers
-BuildPreReq: /bin/login
+BuildRequires: perl, openssl-devel, tcp_wrappers
+BuildRequires: /bin/login
 %if ! %{build6x}
 BuildPreReq: glibc-devel, pam
 %else
-BuildPreReq: /usr/include/security/pam_appl.h
+BuildRequires: /usr/include/security/pam_appl.h
 %endif
 %if ! %{no_x11_askpass}
-BuildPreReq: /usr/include/X11/Xlib.h
+BuildRequires: /usr/include/X11/Xlib.h
 %endif
 %if ! %{no_gnome_askpass}
-BuildPreReq: pkgconfig
+BuildRequires: pkgconfig
 %endif
 %if %{kerberos5}
-BuildPreReq: krb5-devel
-BuildPreReq: krb5-libs
+BuildRequires: krb5-devel
+BuildRequires: krb5-libs
 %endif
 
 %package clients
@@ -114,7 +114,7 @@ Obsoletes: ssh-clients
 Summary: The OpenSSH server daemon.
 Group: System Environment/Daemons
 Obsoletes: ssh-server
-PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9
+Requires: openssh = %{version}-%{release}, chkconfig >= 0.9
 %if ! %{build6x}
 Requires: /etc/pam.d/system-auth
 %endif
@@ -712,7 +712,7 @@ fi
   it generates.
 
 * Thu Oct  5 2000 Nalin Dahyabhai <nalin@redhat.com>
-- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
+- Add BuildRequires on /usr/include/security/pam_appl.h to be sure we always
   build PAM authentication in.
 - Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
 - Clean out no-longer-used patches.
@@ -721,7 +721,7 @@ fi
 
 * Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
 - Update x11-askpass to 1.0.2. (#17835)
-- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
+- Add BuildRequiress for /bin/login and /usr/bin/rsh so that configure will
   always find them in the right place. (#17909)
 - Set the default path to be the same as the one supplied by /bin/login, but
   add /usr/X11R6/bin. (#17909)
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init
index 854aff66..2334d814 100755
--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -22,70 +22,9 @@ RETVAL=0
 prog="sshd"
 
 # Some functions to make the below more readable
-KEYGEN=/usr/bin/ssh-keygen
 SSHD=/usr/sbin/sshd
-RSA1_KEY=/etc/ssh/ssh_host_key
-RSA_KEY=/etc/ssh/ssh_host_rsa_key
-DSA_KEY=/etc/ssh/ssh_host_dsa_key
 PID_FILE=/var/run/sshd.pid
 
-do_rsa1_keygen() {
-	if [ ! -s $RSA1_KEY ]; then
-		echo -n $"Generating SSH1 RSA host key: "
-		if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $RSA1_KEY
-			chmod 644 $RSA1_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $RSA1_KEY.pub
-			fi
-			success $"RSA1 key generation"
-			echo
-		else
-			failure $"RSA1 key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
-
-do_rsa_keygen() {
-	if [ ! -s $RSA_KEY ]; then
-		echo -n $"Generating SSH2 RSA host key: "
-		if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $RSA_KEY
-			chmod 644 $RSA_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $RSA_KEY.pub
-			fi
-			success $"RSA key generation"
-			echo
-		else
-			failure $"RSA key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
-
-do_dsa_keygen() {
-	if [ ! -s $DSA_KEY ]; then
-		echo -n $"Generating SSH2 DSA host key: "
-		if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $DSA_KEY
-			chmod 644 $DSA_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $DSA_KEY.pub
-			fi
-			success $"DSA key generation"
-			echo
-		else
-			failure $"DSA key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
-
 do_restart_sanity_check()
 {
 	$SSHD -t
@@ -99,9 +38,13 @@ do_restart_sanity_check()
 start()
 {
 	# Create keys if necessary
-	do_rsa1_keygen
-	do_rsa_keygen
-	do_dsa_keygen
+	/usr/bin/ssh-keygen -A
+	if [ -x /sbin/restorecon ]; then
+		/sbin/restorcon /etc/ssh/ssh_host_key.pub
+		/sbin/restorcon /etc/ssh/ssh_host_rsa_key.pub
+		/sbin/restorcon /etc/ssh/ssh_host_dsa_key.pub
+		/sbin/restorcon /etc/ssh/ssh_host_ecdsa_key.pub
+	fi
 
 	echo -n $"Starting $prog:"
 	$SSHD $OPTIONS && success || failure
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index db0c127b..4621f548 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -28,11 +28,12 @@ Provides:	ssh
 # (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
 # building prerequisites -- stuff for
 #   OpenSSL (openssl-devel),
-#   TCP Wrappers (nkitb),
+#   TCP Wrappers (tcpd-devel),
 #   and Gnome (glibdev, gtkdev, and gnlibsd)
 #
 BuildPrereq:	openssl
-BuildPrereq:	nkitb
+BuildPrereq:	tcpd-devel
+BuildPrereq:	zlib-devel
 #BuildPrereq:	glibdev
 #BuildPrereq:	gtkdev
 #BuildPrereq:	gnlibsd
@@ -177,15 +178,8 @@ rm -rf $RPM_BUILD_ROOT
 /usr/sbin/useradd -r -o -g sshd -u %{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null || :
 
 %post
-if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
-	echo "Generating SSH RSA host key..."
-	/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
-fi
-if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
-	echo "Generating SSH DSA host key..."
-	/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
-fi
-%{fillup_and_insserv -n -s -y ssh sshd START_SSHD}
+/usr/bin/ssh-keygen -A
+%{fillup_and_insserv -n -y ssh sshd}
 %run_permissions
 
 %verifyscript
diff --git a/contrib/suse/rc.sshd b/contrib/suse/rc.sshd
index 4d4880d7..4a3bc41d 100644
--- a/contrib/suse/rc.sshd
+++ b/contrib/suse/rc.sshd
@@ -43,20 +43,8 @@ rc_reset
 
 case "$1" in
     start)
-        if ! test -f /etc/ssh/ssh_host_key ; then
-	    echo Generating /etc/ssh/ssh_host_key.
-	    ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
-        fi
-        if ! test -f /etc/ssh/ssh_host_dsa_key ; then
-	    echo Generating /etc/ssh/ssh_host_dsa_key.
-	    
-	    ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
-        fi
-        if ! test -f /etc/ssh/ssh_host_rsa_key ; then
-	    echo Generating /etc/ssh/ssh_host_rsa_key.
-	    
-	    ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-        fi
+	# Generate any missing host keys
+	ssh-keygen -A
 	echo -n "Starting SSH daemon"
 	## Start daemon with startproc(8). If this fails
 	## the echo return value is set appropriate.