Changeset 2327 in ProjectBuilder for devel/pb

Timestamp:

Sep 24, 2017, 3:14:56 AM (7 years ago)

Author:

Bruno Cornec

Message:

RSA keys should in fact be the default over DSA

File:

• devel/pb/bin/pb (modified) (2 diffs)

devel/pb/bin/pb

@@ -4715 +4715 @@
 my $ecdsa = 0;
 my $dsa = 0;
+my $rsa = 0;
 open(SCAN,"ssh-keyscan -p $nport -t ecdsa $target 2>/dev/null |") || pb_log(0,"Unable to check ECDSA support for $target");
 while(<SCAN>) {
     $ecdsa = 1 if ($_ =~ /ecdsa-/);
     pb_log(2,"Found ECDSA support on $target ($nport)\n");
+}
+close(SCAN);
+
+open(SCAN,"ssh-keyscan -p $nport -t rsa $target 2>/dev/null |") || pb_log(0,"Unable to check DSA support for $target");
+while(<SCAN>) {
+    $rsa = 1 if ($_ =~ /ssh-rsa/);
+    pb_log(2,"Found RSA support on $target ($nport)\n");
 }
 close(SCAN);
@@ -4738 +4746 @@
 }
 
-#$keyfile = "$ENV{'HOME'}/.ssh/id_rsa" if (-s "$ENV{'HOME'}/.ssh/id_rsa");
-# We still favoud DSA and fall back to ECDSA if not available
-if ($dsa != 0) {
+# Some ECDSA implementation are not working correctly e.g. RHEL7, Fedora 20/21
+if (!(-e "$ENV{'HOME'}/.ssh/pb_rsa") && ($create eq 1)) {
+    pb_system("ssh-keygen -q -b 2048 -N '' -f $ENV{'HOME'}/.ssh/pb_rsa -t rsa","Generating RSA SSH keys for pb");
+}
+
+# We still favour RSA and fall back to ECDSA if not available
+$keyfile = "$ENV{'HOME'}/.ssh/id_rsa" if (-s "$ENV{'HOME'}/.ssh/id_rsa");
+if ($rsa != 0) {
     # And we favour a specific key over a generic one except if in delivery to ftp server
-    $keyfile = "$ENV{'HOME'}/.ssh/id_dsa" if ((-s "$ENV{'HOME'}/.ssh/id_dsa") && ($create eq 0));
-    $keyfile = "$ENV{'HOME'}/.ssh/pb_dsa" if (-s "$ENV{'HOME'}/.ssh/pb_dsa");
+    $keyfile = "$ENV{'HOME'}/.ssh/id_rsa" if ((-s "$ENV{'HOME'}/.ssh/id_rsa") && ($create eq 0));
+    $keyfile = "$ENV{'HOME'}/.ssh/pb_rsa" if (-s "$ENV{'HOME'}/.ssh/pb_rsa");
 } else {
-    # And we favour a specific key over a generic one except if in delivery to ftp server
-    $keyfile = "$ENV{'HOME'}/.ssh/id_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/id_ecdsa") && ($ecdsa != 0) && ($create eq 0));
-    $keyfile = "$ENV{'HOME'}/.ssh/pb_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/pb_ecdsa") && ($ecdsa != 0));
+    if ($ecdsa != 0) {
+        # And we favour a specific key over a generic one except if in delivery to ftp server
+        $keyfile = "$ENV{'HOME'}/.ssh/id_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/id_ecdsa") && ($ecdsa != 0) && ($create eq 0));
+        $keyfile = "$ENV{'HOME'}/.ssh/pb_ecdsa" if ((-s "$ENV{'HOME'}/.ssh/pb_ecdsa") && ($ecdsa != 0));
+    } elsif ($dsa != 0) {
+        # And we favour a specific key over a generic one except if in delivery to ftp server
+        $keyfile = "$ENV{'HOME'}/.ssh/id_dsa" if ((-s "$ENV{'HOME'}/.ssh/id_dsa") && ($dsa != 0) && ($create eq 0));
+        $keyfile = "$ENV{'HOME'}/.ssh/pb_dsa" if ((-s "$ENV{'HOME'}/.ssh/pb_dsa") && ($dsa != 0));
+    }
 }
 if (defined $keyfile) {