From 0d484f4a2db7abc8043cb0dcc3a8c03a9f23547d Mon Sep 17 00:00:00 2001
From: dtucker
Date: Fri, 3 Jun 2022 03:17:42 +0000
Subject: [PATCH] ssh-keygen -A: do not generate DSA keys by default. Based on github PR#303 from jsegitz with man page text from jmc@, ok markus@ djm@
---
 usr.bin/ssh/ssh-keygen.1 | 10 +++++-----
 usr.bin/ssh/ssh-keygen.c | 3 +--
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1
index 4e7245366e8..5f429813769 100644
--- a/usr.bin/ssh/ssh-keygen.1
+++ b/usr.bin/ssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.222 2022/05/09 03:09:53 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.223 2022/06/03 03:17:42 dtucker Exp $
 .\"
 .\" Author: Tatu Ylonen
 .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 9 2022 $
+.Dd $Mdocdate: June 3 2022 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -271,9 +271,9 @@ should be placed to be activated.
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl A
-For each of the key types (rsa, dsa, ecdsa and ed25519)
-for which host keys
-do not exist, generate the host keys with the default key file path,
+Generate host keys of all default key types (rsa, ecdsa, and
+ed25519) if they do not already exist.
+The host keys are generated with the default key file path,
 an empty passphrase, default bits for the key type, and default comment.
 If
 .Fl f
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 5faa1ceffa4..be05181a7fe 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.453 2022/05/31 14:05:12 naddy Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.454 2022/06/03 03:17:42 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland
@@ -1024,7 +1024,6 @@ do_gen_all_hostkeys(struct passwd *pw)
 } key_types[] = {
 #ifdef WITH_OPENSSL
 { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
- { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
 { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
 #endif /* WITH_OPENSSL */
 { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
--
2.20.1