Commit 946dd3c5 authored by Guido Gunther's avatar Guido Gunther

Move sshd host key generation to gen-sshd-host-keys package

Less cruft in the image-builder
parent e183ebb4
#!/bin/sh
#
# Generate missing ssh host keys
# code copied from openssh-server postinst to address
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594175
set -e
export LC_ALL=C.UTF-8
get_config_option() {
option="$1"
[ -f /etc/ssh/sshd_config ] || return
# TODO: actually only one '=' allowed after option
perl -lne '
s/[[:space:]]+/ /g; s/[[:space:]]+$//;
print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
/etc/ssh/sshd_config
}
host_keys_required() {
hostkeys="$(get_config_option HostKey)"
if [ "$hostkeys" ]; then
echo "$hostkeys"
else
# No HostKey directives at all, so the server picks some
# defaults.
echo /etc/ssh/ssh_host_rsa_key
echo /etc/ssh/ssh_host_ecdsa_key
echo /etc/ssh/ssh_host_ed25519_key
fi
}
create_key() {
msg="$1"
shift
hostkeys="$1"
shift
file="$1"
shift
if echo "$hostkeys" | grep -x "$file" >/dev/null && \
[ ! -f "$file" ] ; then
echo -n $msg
ssh-keygen -q -f "$file" -N '' "$@"
echo
if which restorecon >/dev/null 2>&1; then
restorecon "$file" "$file.pub"
fi
ssh-keygen -l -f "$file.pub"
fi
}
create_keys() {
hostkeys="$(host_keys_required)"
create_key "Creating SSH2 RSA key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
create_key "Creating SSH2 DSA key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
create_key "Creating SSH2 ECDSA key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa
create_key "Creating SSH2 ED25519 key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_ed25519_key -t ed25519
}
create_keys
[Unit]
Description=Generate OpenSSH daemon host keys service
ConditionPathExists=/usr/sbin/sshd
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
Before=ssh.service
Before=ssh.socket
[Service]
Type=oneshot
ExecStart=/usr/local/bin/gen-sshd-host-keys
ExecStop=/bin/true
[Install]
WantedBy=ssh.service
WantedBy=ssh.socket
......@@ -167,10 +167,7 @@ function setup_journal()
function setup_sshd()
{
[ -x "${basedir}/usr/sbin/sshd" ] || return
# Generate new host keys on first boot
cp data/gen-sshd-host-keys "${basedir}/usr/local/bin/"
cp data/sshd-host-keys.service "${basedir}/etc/systemd/system/"
chroot "${basedir}" systemctl enable sshd-host-keys.service
# Make sure unique host keys are generated on first boot
chroot "${basedir}" rm -f /etc/ssh/ssh_host_*
}
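Review bot: `chroot "${basedir}" rm -f /etc/ssh/ssh_host_*` has its glob expanded by the calling shell against the build host's own /etc/ssh, not against `${basedir}/etc/ssh`, so which files reach rm depends on what host keys the build machine happens to have, and if it has none the literal pattern is passed and `rm -f` silently removes nothing. In that case the image keeps whatever host keys were created during the build (likely by openssh-server's postinst), and every device flashed from it shares them; with the first-boot regeneration now moved to a package this commit does not show, this line is the only visible guarantee of per-device keys. Let the glob resolve inside the image instead: `rm -f -- "${basedir}"/etc/ssh/ssh_host_*`, or, if the chroot is wanted, `chroot "${basedir}" sh -c 'rm -f /etc/ssh/ssh_host_*'`.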