Changeset 2327


Timestamp:
Sep 24, 2017, 3:14:56 AM (4 weeks ago)
Author:
bruno
Message:

RSA keys should in fact be the default over DSA

Files:
2 edited

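--- a/0.14.6/pb/bin/pb
+++ b/0.14.6/pb/bin/pb
@@ -4660,8 +4660,16 @@
 my $ecdsa = 0;
 my $dsa = 0;
+my $rsa = 0;
 open(SCAN,"ssh-keyscan -p $nport -t ecdsa $target 2>/dev/null |") || pb_log(0,"Unable to check ECDSA support for $target");
 while(<SCAN>) {
     $ecdsa = 1 if ($_ =~ /ecdsa-/);
     pb_log(2,"Found ECDSA support on $target ($nport)\n");
+}
+close(SCAN);
+
+open(SCAN,"ssh-keyscan -p $nport -t rsa $target 2>/dev/null |") || pb_log(0,"Unable to check DSA support for $target");
+while(<SCAN>) {
+    $rsa = 1 if ($_ =~ /ssh-rsa/);
+    pb_log(2,"Found RSA support on $target ($nport)\n");
 }
 close(SCAN);
@@ -4683,14 +4691,25 @@
 }
 
-#$keyfile = "$ENV{'HOME'}/.ssh/id_rsa" if (-s "$ENV{'HOME'}/.ssh/id_rsa");
-# We still favoud DSA and fall back to ECDSA if not available
-if ($dsa != 0) {
+# Some ECDSA implementation are not working correctly e.g. RHEL7, Fedora 20/21
+if (!(-e "$ENV{'HOME'}/.ssh/pb_rsa") && ($create eq 1)) {
+    pb_system("ssh-keygen -q -b 2048 -N '' -f $ENV{'HOME'}/.ssh/pb_rsa -t rsa","Generating RSA SSH keys for pb");
+}
+
+# We still favour RSA and fall back to ECDSA if not available
+$keyfile = "$ENV{'HOME'}/.ssh/id_rsa" if (-s "$ENV{'HOME'}/.ssh/id_rsa");
+if ($rsa != 0) {
     # And we favour a specific key over a generic one except if in delivery to ftp server
-    $keyfile = "$ENV{'HOME'}/.ssh/id_dsa" if ((-s "$ENV{'HOME'}/.ssh/id_dsa") && ($create eq 0));
-    $keyfile = "$ENV{'HOME'}/.ssh/pb_dsa" if (-s "$ENV{'HOME'}/.ssh/pb_dsa");
+    $keyfile = "$ENV{'HOME'}/.ssh/id_rsa" if ((-s "$ENV{'HOME'}/.ssh/id_rsa") && ($create eq 0));
+    $keyfile = "$ENV{'HOME'}/.ssh/pb_rsa" if (-s "$ENV{'HOME'}/.ssh/pb_rsa");
 } else {
-    # And we favour a specific key over a generic one except if in delivery to ftp server
-    $keyfile = "$ENV{'HOME'}/.ssh/id_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/id_ecdsa") && ($ecdsa != 0) && ($create eq 0));
-    $keyfile = "$ENV{'HOME'}/.ssh/pb_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/pb_ecdsa") && ($ecdsa != 0));
+    if ($ecdsa != 0) {
+        # And we favour a specific key over a generic one except if in delivery to ftp server
+        $keyfile = "$ENV{'HOME'}/.ssh/id_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/id_ecdsa") && ($ecdsa != 0) && ($create eq 0));
+        $keyfile = "$ENV{'HOME'}/.ssh/pb_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/pb_ecdsa") && ($ecdsa != 0));
+    } elsif ($dsa != 0) {
+        # And we favour a specific key over a generic one except if in delivery to ftp server
+        $keyfile = "$ENV{'HOME'}/.ssh/id_dsa" if ((-s "$ENV{'HOME'}/.ssh/id_dsa") && ($dsa != 0) && ($create eq 0));
+        $keyfile = "$ENV{'HOME'}/.ssh/pb_dsa" if ((-s "$ENV{'HOME'}/.ssh/pb_dsa") && ($dsa != 0));
+    }
 }
 if (defined $keyfile) {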
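Review bot: The added RSA probe at new line 4670 interpolates `$nport` and `$target` into a shell command through a two-argument piped `open`, so shell metacharacters in either value would be interpreted; their origin is outside the shown hunks, so either validate them earlier or avoid the shell with the list form `open(my $scan, '-|', 'ssh-keyscan', '-p', $nport, '-t', 'rsa', $target)` (stderr then has to be silenced separately). The failure message on that line appears to be copied from a DSA probe and should read `pb_log(0,"Unable to check RSA support for $target")`. At new line 4673 the "Found RSA support" message is logged for every line of output, not only when `/ssh-rsa/` matched, so the level-2 log can claim support that `$rsa` does not reflect. The same three points apply to devel/pb/bin/pb at new lines 4725–4728, and the existing ECDSA probe has the same shape.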
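--- a/devel/pb/bin/pb
+++ b/devel/pb/bin/pb
@@ -4715,8 +4715,16 @@
 my $ecdsa = 0;
 my $dsa = 0;
+my $rsa = 0;
 open(SCAN,"ssh-keyscan -p $nport -t ecdsa $target 2>/dev/null |") || pb_log(0,"Unable to check ECDSA support for $target");
 while(<SCAN>) {
     $ecdsa = 1 if ($_ =~ /ecdsa-/);
     pb_log(2,"Found ECDSA support on $target ($nport)\n");
+}
+close(SCAN);
+
+open(SCAN,"ssh-keyscan -p $nport -t rsa $target 2>/dev/null |") || pb_log(0,"Unable to check DSA support for $target");
+while(<SCAN>) {
+    $rsa = 1 if ($_ =~ /ssh-rsa/);
+    pb_log(2,"Found RSA support on $target ($nport)\n");
 }
 close(SCAN);
@@ -4738,14 +4746,25 @@
 }
 
-#$keyfile = "$ENV{'HOME'}/.ssh/id_rsa" if (-s "$ENV{'HOME'}/.ssh/id_rsa");
-# We still favoud DSA and fall back to ECDSA if not available
-if ($dsa != 0) {
+# Some ECDSA implementation are not working correctly e.g. RHEL7, Fedora 20/21
+if (!(-e "$ENV{'HOME'}/.ssh/pb_rsa") && ($create eq 1)) {
+    pb_system("ssh-keygen -q -b 2048 -N '' -f $ENV{'HOME'}/.ssh/pb_rsa -t rsa","Generating RSA SSH keys for pb");
+}
+
+# We still favour RSA and fall back to ECDSA if not available
+$keyfile = "$ENV{'HOME'}/.ssh/id_rsa" if (-s "$ENV{'HOME'}/.ssh/id_rsa");
+if ($rsa != 0) {
     # And we favour a specific key over a generic one except if in delivery to ftp server
-    $keyfile = "$ENV{'HOME'}/.ssh/id_dsa" if ((-s "$ENV{'HOME'}/.ssh/id_dsa") && ($create eq 0));
-    $keyfile = "$ENV{'HOME'}/.ssh/pb_dsa" if (-s "$ENV{'HOME'}/.ssh/pb_dsa");
+    $keyfile = "$ENV{'HOME'}/.ssh/id_rsa" if ((-s "$ENV{'HOME'}/.ssh/id_rsa") && ($create eq 0));
+    $keyfile = "$ENV{'HOME'}/.ssh/pb_rsa" if (-s "$ENV{'HOME'}/.ssh/pb_rsa");
 } else {
-    # And we favour a specific key over a generic one except if in delivery to ftp server
-    $keyfile = "$ENV{'HOME'}/.ssh/id_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/id_ecdsa") && ($ecdsa != 0) && ($create eq 0));
-    $keyfile = "$ENV{'HOME'}/.ssh/pb_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/pb_ecdsa") && ($ecdsa != 0));
+    if ($ecdsa != 0) {
+        # And we favour a specific key over a generic one except if in delivery to ftp server
+        $keyfile = "$ENV{'HOME'}/.ssh/id_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/id_ecdsa") && ($ecdsa != 0) && ($create eq 0));
+        $keyfile = "$ENV{'HOME'}/.ssh/pb_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/pb_ecdsa") && ($ecdsa != 0));
+    } elsif ($dsa != 0) {
+        # And we favour a specific key over a generic one except if in delivery to ftp server
+        $keyfile = "$ENV{'HOME'}/.ssh/id_dsa" if ((-s "$ENV{'HOME'}/.ssh/id_dsa") && ($dsa != 0) && ($create eq 0));
+        $keyfile = "$ENV{'HOME'}/.ssh/pb_dsa" if ((-s "$ENV{'HOME'}/.ssh/pb_dsa") && ($dsa != 0));
+    }
 }
 if (defined $keyfile) {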
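Review bot: The unconditional assignment at new line 4754 selects the personal `id_rsa` before `$rsa` is tested, so it is used even when the scan found no RSA on the target and even when `$create` is 1, which defeats the `($create eq 0)` guard on line 4757 whenever `pb_rsa` is missing or empty. If the generic key is meant to stay out of the delivery case, as the comment on line 4756 says, line 4754 can simply be dropped because line 4757 already covers the guarded case; if it is meant as a last resort, it would read more clearly as a final `else` after the `elsif ($dsa != 0)` branch. The comment on line 4748 still talks about ECDSA while the block below it creates `pb_rsa` with an empty passphrase (`-N ''`); if that is deliberate, a comment such as `# pb_rsa is generated without a passphrase; restrict its use on the target accordingly` would say so. 0.14.6/pb/bin/pb has the same code at new lines 4693–4702, and the surrounding code starts and ends outside the shown hunks.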