openssh: Do full validation of the file.

'ssh-keygen -l' is a bit forgiving for corrupted files, hardening this by using 'ssh-keygen -y' instead.

openssh: Do full validation of the file.
'ssh-keygen -l' is a bit forgiving for corrupted files, hardening this by using 'ssh-keygen -y' instead.
b042ab7b · Markus Gothe · 3ce7af98 · b042ab7b
Commit b042ab7b authored 1 month ago by Markus Gothe
--- a/net/openssh/files/sshd.init
+++ b/net/openssh/files/sshd.init
@@ -346,7 +346,7 @@ start_service()
 		key=/etc/ssh/ssh_host_${type}_key
 		[ -f $key ] && {
 			[ -x /usr/bin/ssh-keygen ] && {
-				if ! /usr/bin/ssh-keygen -l -f $key > /dev/null 2>&1; then
+				if ! /usr/bin/ssh-keygen -y -f $key > /dev/null 2>&1; then
 					rm -rf $key
 				fi
 			}