Open PinkFreud opened 2 years ago
oh that is odd, thanks for spotting that. The image is created in a chroot. I will have to check what in the process creates them. The image is created fully automated so some service must create them.
I opted for enabled SSH as the target audience of Piunora will pre-dominantly want that enabled. But I will make sure that there are no generated keys present before first boot for the next release. I had unfortunately little resources for updates, a new release is well overdue.
The keys would be created upon enabling ssh - the service won't run without them. You'd need to remove them, and ensure ssh-keygen -A is run before ssh service startup, otherwise an error will be thrown at boot time.
systemd is not running during the image setup, I think right now I used the raspi-config utility to enable ssh. I might do that manually instead then. Normally it should do the generation of the key on the first actual boot up. Will take a look what the utility actually runs.
Yep, it's in raspi-config, all right, in do_ssh():
if [ $RET -eq 0 ]; then
ssh-keygen -A &&
update-rc.d ssh enable &&
invoke-rc.d ssh start &&
STATUS=enabled
One other consideration, if you're enabling ssh by default, is the default user and password on the image. Raspbian / Raspberry Pi OS used to do the same thing, but it was deemed risky to enable remote logins before giving the user an opportunity to change the default password. If you want ssh enabled by default, it might be worthwhile to come up with a way to force a password change on the pi account on first boot.
Anyway, thanks for being responsive! This is an intriguing little board, and I'm having fun with mine!
Great to hear you are enjoying the board! Regarding the default user/pw issue. That has been solved in the latest OS release afaik where the user and pw have to be set after first boot so a new release of this image should have this also "for free".
I recently picked up a Piunora board for a spare CM4 I had on hand, and after going through the docs on getting started, opted to install the official Piunora image.
While looking through the image, I noticed that /etc/ssh is populated with host keys - this is a terrible idea, as it means all deployments of this image have these keys by default, and unless an end user knew to remove and regenerate these, it could lead to a compromise of the Pi in question in the wild.
See https://threatpost.com/cisco-ssh-key-flaw-has-echoes-of-earlier-vulnerabilities/113484/ for how shipping default ssh keys is a terrible idea. While this isn't quite as severe as, say, leaving keys lying around in root's authorized_keys file, it could still compromise the encryption these default host keys are meant to secure.
I'll note that both released images, 24-11-21 (2021-11-24) and 2021-12-01 contain default ssh host keys, though it appears they were generated separately, and thus not the same between the two images:
2021-11-24:
2021-12-01:
The right way to handle this would be to remove all existing host keys in /etc/ssh before image generation, and ensuring
ssh-keygen -A
is run before sshd startup, if sshd is left enabled:That being said, it's probably a better idea to leave ssh disabled by default, and let end-users enable it when necessary. This is the method the Raspberry Pi Foundation uses with Raspberry Pi OS, and is a reasonably safe option.