Commit d09239f5 authored by Guido Gunther's avatar Guido Gunther

Add openssh-server

Regenerate host-keys on  new installs

Fix #17
parent 3d4fbf9a
#!/bin/sh
#
# Generate missing ssh host keys
# code copied from openssh-server postinst to address
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594175
set -e
export LC_ALL=C.UTF-8
get_config_option() {
option="$1"
[ -f /etc/ssh/sshd_config ] || return
# TODO: actually only one '=' allowed after option
perl -lne '
s/[[:space:]]+/ /g; s/[[:space:]]+$//;
print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
/etc/ssh/sshd_config
}
host_keys_required() {
hostkeys="$(get_config_option HostKey)"
if [ "$hostkeys" ]; then
echo "$hostkeys"
else
# No HostKey directives at all, so the server picks some
# defaults.
echo /etc/ssh/ssh_host_rsa_key
echo /etc/ssh/ssh_host_ecdsa_key
echo /etc/ssh/ssh_host_ed25519_key
fi
}
create_key() {
msg="$1"
shift
hostkeys="$1"
shift
file="$1"
shift
if echo "$hostkeys" | grep -x "$file" >/dev/null && \
[ ! -f "$file" ] ; then
echo -n $msg
ssh-keygen -q -f "$file" -N '' "$@"
echo
if which restorecon >/dev/null 2>&1; then
restorecon "$file" "$file.pub"
fi
ssh-keygen -l -f "$file.pub"
fi
}
create_keys() {
hostkeys="$(host_keys_required)"
create_key "Creating SSH2 RSA key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
create_key "Creating SSH2 DSA key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
create_key "Creating SSH2 ECDSA key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa
create_key "Creating SSH2 ED25519 key; this may take some time ..." \
"$hostkeys" /etc/ssh/ssh_host_ed25519_key -t ed25519
}
create_keys
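Review bot: In create_key, the `[ ! -f "$file" ]` test accepts any existing file as a valid key, so a host key left empty or truncated by a power loss during first boot is never regenerated, and sshd may then be unable to load it. Testing for a non-empty file with `[ ! -s "$file" ]` and clearing leftovers first with `rm -f -- "$file" "$file.pub"` would cover that case; the removal is needed because ssh-keygen asks for confirmation before overwriting an existing file. Separately, `echo -n $msg` is unquoted and relies on non-portable `echo -n` under `#!/bin/sh`; `printf '%s' "$msg"` is the safer form.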
[Unit]
Description=Generate OpenSSH daemon host keys service
ConditionPathExists=/usr/sbin/sshd
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
Before=ssh.service
Before=ssh.socket
[Service]
Type=oneshot
ExecStart=/usr/local/bin/gen-sshd-host-keys
ExecStop=/bin/true
[Install]
WantedBy=ssh.service
WantedBy=ssh.socket
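Review bot: The `[Service]` section uses `Type=oneshot` without `RemainAfterExit=yes`, so the unit goes back to inactive as soon as the script exits and would be started again each time ssh.service or ssh.socket is started. The script skips existing keys, so the re-runs are harmless but redundant. Adding `RemainAfterExit=yes` records that generation has completed, and `ExecStop=/bin/true` can be dropped because it does nothing. A one-line comment noting that `WantedBy=` creates only a Wants dependency, so a failed key generation does not block ssh.service, would also help the next reader.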
......@@ -84,6 +84,7 @@ dev_packages="
git
net-tools
openssh-client
openssh-server
wireless-tools
"
......
......@@ -156,6 +156,17 @@ function setup_journal()
}
function setup_sshd()
{
[[ "$packages" =~ "openssh-server" ]] || return
# Generate new host keys on first boot
cp data/gen-sshd-host-keys "${basedir}/usr/local/bin/"
cp data/sshd-host-keys.service "${basedir}/etc/systemd/system/"
chroot $basedir systemctl enable sshd-host-keys.service
chroot $basedir rm -f /etc/ssh/ssh_host_*
}
# We have to do this because task packages don't work with debootstrap
# (and won't). See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841649
# other packages are better installed late to not confuse deboostrap about
......@@ -241,4 +252,5 @@ setup_kernel
setup_uboot
setup_gui
setup_journal
setup_sshd
create_stamp
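Review bot: In setup_sshd, the glob in `chroot $basedir rm -f /etc/ssh/ssh_host_*` is expanded by the build host's shell against the host's own /etc/ssh before chroot runs, not against the image. On a build host with no matching key files the pattern is passed to rm literally and rm does not expand it, so the keys presumably generated when openssh-server was installed would stay in the image, and every install from it would share the same host keys. Expanding the pattern against the image path avoids this: `rm -f -- "${basedir}"/etc/ssh/ssh_host_*`. `$basedir` should also be quoted in the `chroot` call on the line above, as it already is in the two `cp` lines.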