File: //usr/libexec/openssh/sshd-keygen
#!/bin/bash
# Create the host keys for the OpenSSH server.
KEYTYPE=$1
case $KEYTYPE in
"dsa") ;& # disabled in FIPS
"ed25519")
FIPS=/proc/sys/crypto/fips_enabled
if [[ -r "$FIPS" && $(cat $FIPS) == "1" ]]; then
exit 0
fi ;;
"rsa") ;; # always ok
"ecdsa") ;;
*) # wrong argument
exit 12 ;;
esac
KEY=/etc/ssh/ssh_host_${KEYTYPE}_key
KEYGEN=/usr/bin/ssh-keygen
if [[ ! -x $KEYGEN ]]; then
exit 13
fi
# remove old keys
rm -f $KEY{,.pub}
# create new keys
if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
exit 1
fi
# sanitize permissions
/usr/bin/chgrp ssh_keys $KEY
/usr/bin/chmod 640 $KEY
/usr/bin/chmod 644 $KEY.pub
if [[ -x /usr/sbin/restorecon ]]; then
/usr/sbin/restorecon $KEY{,.pub}
fi
exit 0