From: Markus Gothe <markus.gothe@genexis.eu>
Date: Wed, 15 Jan 2025 17:54:29 +0000 (+0100)
Subject: openssh: Validate keys and regenerate if needed.
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=69c29a5b26505ca5ee3633b0b6a5463411f2a6d8;p=feed%2Fpackages.git

openssh: Validate keys and regenerate if needed.

Imitate dropbear init.d-script and make sure we
don't end up with corrupt keys.

This can happen if we use a caching filesystem,
like 'ubifs', and the DUT is powered off during
boot-up.

Signed-off-by: Markus Gothe <markus.gothe@genexis.eu>
---

diff --git a/net/openssh/files/sshd.init b/net/openssh/files/sshd.init
index 8dce2a1e6c..998b9a5869 100644
--- a/net/openssh/files/sshd.init
+++ b/net/openssh/files/sshd.init
@@ -12,6 +12,13 @@ start_service() {
 	do
 		# check for keys
 		key=/etc/ssh/ssh_host_${type}_key
+		[ -f $key ] && {
+			[ -x /usr/bin/ssh-keygen ] && {
+				if ! /usr/bin/ssh-keygen -y -f $key > /dev/null 2>&1; then
+					rm -rf $key
+				fi
+			}
+		}
 		[ ! -f $key ] && {
 			# generate missing keys
 			[ -x /usr/bin/ssh-keygen ] && {