From 55dfd5fcdf70d81034d18697569432fae02dddb7 Mon Sep 17 00:00:00 2001 From: Greg Bruno Date: Thu, 25 Jun 2015 19:00:22 -0400 Subject: [PATCH] RHEL/CentOS 7.x has added a new ssh host key (ssh_host_ed25519_key) --- nodes/ssh-client.xml | 24 ++++++++++++++----- nodes/ssh-server.xml | 4 +--- .../kickstart/utils/read-ssh-private-key.c | 17 ++++++++----- 3 files changed, 30 insertions(+), 15 deletions(-) diff --git a/nodes/ssh-client.xml b/nodes/ssh-client.xml index 5a9f29282..2a850e5fa 100644 --- a/nodes/ssh-client.xml +++ b/nodes/ssh-client.xml @@ -67,7 +67,7 @@ UseDNS no key=" - + /opt/stack/sbin/read-ssh-private-key RSA1 | python -c ' import base64 import sys @@ -82,19 +82,19 @@ base64.decode(sys.stdin, sys.stdout)' > /etc/ssh/ssh_host_key chmod 0400 /etc/ssh/ssh_host_key - + cat /etc/ssh/ssh_host_key.pub - + /opt/stack/sbin/read-ssh-private-key DSA - + cat /etc/ssh/ssh_host_dsa_key.pub @@ -105,17 +105,29 @@ cat /etc/ssh/ssh_host_dsa_key.pub - + /opt/stack/sbin/read-ssh-private-key ECDSA - + cat /etc/ssh/ssh_host_ecdsa_key.pub + + +/opt/stack/sbin/read-ssh-private-key ED25519 + + + + + +cat /etc/ssh/ssh_host_ed25519_key.pub + + + diff --git a/nodes/ssh-server.xml b/nodes/ssh-server.xml index 0c0c52b51..1ad9df5c1 100644 --- a/nodes/ssh-server.xml +++ b/nodes/ssh-server.xml @@ -15,9 +15,7 @@ All rights reserved. stacki(r) v1.0 www.stacki.com -rm -f /etc/ssh/ssh_host_dsa_key* -rm -f /etc/ssh/ssh_host_rsa_key* -rm -f /etc/ssh/ssh_host_key* +rm -f /etc/ssh/ssh_host_* diff --git a/src/stack/kickstart/utils/read-ssh-private-key.c b/src/stack/kickstart/utils/read-ssh-private-key.c index ae96b2809..84234be41 100644 --- a/src/stack/kickstart/utils/read-ssh-private-key.c +++ b/src/stack/kickstart/utils/read-ssh-private-key.c 
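Review bot: In the nodes/ssh-server.xml hunk, `rm -f /etc/ssh/ssh_host_*` is broader than the three patterns it replaces. It deletes every file in /etc/ssh whose name starts with `ssh_host_`, including host-key types that nodes/ssh-client.xml does not restore. If sshd or its service script regenerates a missing key type at start (not visible on this page), a node would end up with a locally generated key for that type instead of the distributed one. A short comment stating that the wildcard is intentional, and that every key type removed here must have a matching restore block in ssh-client.xml, would keep the two files in step when the next key type appears.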
@@ -134,10 +134,11 @@ static char rcsid[] = "$Id$";
 #define MYUSER "apache"
 /* The different kinds of keys. */
-#define RSA1 1
-#define RSA 2
-#define DSA 3
-#define ECDSA 4
+#define RSA1 1
+#define RSA 2
+#define DSA 3
+#define ECDSA 4
+#define ED25519 5
 int
 main(int argc, char *argv[])
@@ -170,6 +171,8 @@ main(int argc, char *argv[])
 mode = DSA;
 else if (!strncmp("ECDSA", argv[1], 5))
 mode = ECDSA;
+ else if (!strncmp("ED25519", argv[1], 5))
+ mode = ED25519;
 }
 switch (mode)
@@ -186,9 +189,11 @@ main(int argc, char *argv[])
 case ECDSA:
 keyfile = FILENAME "/ssh_host_ecdsa_key";
 break;
+ case ED25519:
+ keyfile = FILENAME "/ssh_host_ed25519_key";
+ break;
 default:
- fprintf(stderr,
- "Please specify a key: RSA1 | RSA | DSA | ECDSA\n");
+ fprintf(stderr, "Please specify a key: RSA1 | RSA | DSA | ECDSA | ED25519\n");
 return 1;
 }
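Review bot: In the second hunk, the added test `!strncmp("ED25519", argv[1], 5)` compares only five characters, a length apparently copied from the ECDSA branch above it, so any argument beginning with `ED255` selects the ED25519 private host key. A helper that hands out private key material should match its selector exactly: `else if (!strcmp("ED25519", argv[1]))`, or at minimum use a length of `sizeof("ED25519") - 1`. The ECDSA context line is also a prefix-only match and could be tightened the same way. The body of main starts and ends outside the hunk, so the earlier branches and the argc check were not reviewed.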