Going back to openssh 8.8

security/openssh-portable/files/openssh.in

@@ -22,16 +22,6 @@ load_rc_config ${name}
 : ${openssh_enable:="NO"}
 : ${openssh_skipportscheck="NO"}
 
-# These only control ssh-keygen automatically generating host keys.
-: ${openssh_dsa_enable="YES"}
-: ${openssh_dsa_flags=""}
-: ${openssh_rsa_enable="YES"}
-: ${openssh_rsa_flags=""}
-: ${openssh_ecdsa_enable="YES"}
-: ${openssh_ecdsa_flags=""}
-: ${openssh_ed25519_enable="YES"}
-: ${openssh_ed25519_flags=""}
-
 command=%%PREFIX%%/sbin/sshd
 extra_commands="configtest reload keygen"
 start_precmd="${name}_checks"
@@ -43,16 +33,10 @@ pidfile=${openssh_pidfile:="/var/run/sshd.pid"}
 
 openssh_keygen()
 {
-	local skip_dsa= skip_rsa= skip_ecdsa= skip_ed25519=
-	checkyesno openssh_dsa_enable || skip_dsa=y
-	checkyesno openssh_rsa_enable || skip_rsa=y
-	checkyesno openssh_ecdsa_enable || skip_ecdsa=y
-	checkyesno openssh_ed25519_enable || skip_ed25519=y
-
-	if [ \( -n "$skip_dsa" -o -f %%ETCDIR%%/ssh_host_dsa_key \) -a \
-	    \( -n "$skip_rsa" -o -f %%ETCDIR%%/ssh_host_rsa_key \) -a \
-	    \( -n "$skip_ecdsa" -o -f %%ETCDIR%%/ssh_host_ecdsa_key \) -a \
-	    \( -n "$skip_ed25519" -o -f %%ETCDIR%%/ssh_host_ed25519_key \) ]; then
+	if [ -f %%ETCDIR%%/ssh_host_dsa_key -a \
+	    -f %%ETCDIR%%/ssh_host_rsa_key -a \
+	    -f %%ETCDIR%%/ssh_host_ecdsa_key -a \
+	    -f %%ETCDIR%%/ssh_host_ed25519_key ]; then
 		return 0
 	fi
 
@@ -66,8 +50,8 @@ openssh_keygen()
 		echo "You already have a DSA host key" \
 			"in %%ETCDIR%%/ssh_host_dsa_key"
 		echo "Skipping protocol version 2 DSA Key Generation"
-	elif checkyesno openssh_dsa_enable; then
-		%%PREFIX%%/bin/ssh-keygen -t dsa $openssh_dsa_flags \
+	else
+		%%PREFIX%%/bin/ssh-keygen -t dsa \
 			-f %%ETCDIR%%/ssh_host_dsa_key -N ''
 	fi
 
@@ -75,8 +59,8 @@ openssh_keygen()
 		echo "You already have a RSA host key" \
 			"in %%ETCDIR%%/ssh_host_rsa_key"
 		echo "Skipping protocol version 2 RSA Key Generation"
-	elif checkyesno openssh_rsa_enable; then
-		%%PREFIX%%/bin/ssh-keygen -t rsa $openssh_rsa_flags \
+	else
+		%%PREFIX%%/bin/ssh-keygen -t rsa \
 			-f %%ETCDIR%%/ssh_host_rsa_key -N ''
 	fi
 
@@ -84,8 +68,8 @@ openssh_keygen()
 		echo "You already have a Elliptic Curve DSA host key" \
 			"in %%ETCDIR%%/ssh_host_ecdsa_key"
 		echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
-	elif checkyesno openssh_ecdsa_enable; then
-		%%PREFIX%%/bin/ssh-keygen -t ecdsa $openssh_ecdsa_flags \
+	else
+		%%PREFIX%%/bin/ssh-keygen -t ecdsa \
 			-f %%ETCDIR%%/ssh_host_ecdsa_key -N ''
 	fi
 
@@ -93,8 +77,8 @@ openssh_keygen()
 		echo "You already have a Elliptic Curve ED25519 host key" \
 			"in %%ETCDIR%%/ssh_host_ed25519_key"
 		echo "Skipping protocol version 2 Elliptic Curve ED25519 Key Generation"
-	elif checkyesno openssh_ed25519_enable; then
-		%%PREFIX%%/bin/ssh-keygen -t ed25519 $openssh_ed22519_flags \
+	else
+		%%PREFIX%%/bin/ssh-keygen -t ed25519 \
 			-f %%ETCDIR%%/ssh_host_ed25519_key -N ''
 	fi
 }
@@ -172,7 +156,7 @@ openssh_checks()
       fi
 	fi
 
-	openssh_keygen
+	run_rc_command keygen
 	openssh_configtest
 }