openssh: Validate keys and regenerate if needed.

Imitate dropbear init.d-script and make sure we don't end up with corrupt keys. Signed-off-by: Markus Gothe <[email protected]>
openwrt · Jan 15, 2025 · 68288ed · 68288ed
1 parent d91b062
commit 68288ed
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/net/openssh/files/sshd.init b/net/openssh/files/sshd.init
@@ -12,6 +12,13 @@ start_service() {
 	do
 		# check for keys
 		key=/etc/ssh/ssh_host_${type}_key
+		[ -f $key ] && {
+			[ -x /usr/bin/ssh-keygen ] && {
+				if ! /usr/bin/ssh-keygen -l -f $key > /dev/null 2>&1; then
+					rm -rf $key
+				fi
+			}
+		}
 		[ ! -f $key ] && {
 			# generate missing keys
 			[ -x /usr/bin/ssh-keygen ] && {