issue #245 brought upstream from ventura

2026-03-16 14:02:07 +00:00 · 2023-05-26 12:04:16 -04:00
parent 59f6113560
commit c68bc61272
1 changed files with 14 additions and 0 deletions
--- a/scripts/generate_guidance.py
+++ b/scripts/generate_guidance.py
@@ -602,6 +602,14 @@ if [[ $EUID -ne 0 ]]; then
    exit 1
 fi

+ssh_key_check=0
+if /usr/sbin/sshd -T 2&> /dev/null; then
+    ssh_key_check=0
+else
+    /usr/bin/ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key
+    ssh_key_check=1
+fi
+
 # path to PlistBuddy
 plb="/usr/libexec/PlistBuddy"

@@ -1068,6 +1076,12 @@ else
        read_options
    done
 fi
+
+if [[ "$ssh_key_check -ne 0 ]]; then
+    /bin/rm /etc/ssh/ssh_host_rsa_key
+    /bin/rm /etc/ssh/ssh_host_rsa_key.public
+    ssh_key_check=0
+fi
    """

    #write out the compliance script