tomuta / debian-mini-odroid-c1

Script to build a minimal Debian sd card image.
75 stars 39 forks source link

Systemd support for hostkey generation #8

Closed Rotonen closed 9 years ago

Rotonen commented 9 years ago

Moved ssh hostkey generation to /etc/rc.local.

tomuta commented 9 years ago

This works somewhat, but it seems there should be a better solution available. The issue I'm seeing is that openssh first fails to start and then keys get regenerated and the openssh service is restarted. It works, but if there is a systemd way of invoking a script prior to the openssh service getting started, I'd prefer that.

[....] Starting OpenBSD Secure Shell server: sshdCould not load host key: /etc/ssh/ssh_host_rsa_key Could not load host key: /etc/ssh/ssh_host_dsa_key Could not load host key: /etc/ssh/ssh_host_ecdsa_key . ok ls: cannot access /etc/ssh/sshhost*: No such file or directory Creating SSH2 RSA key; this may take some time ... Creating SSH2 DSA key; this may take some time ... Creating SSH2 ECDSA key; this may take some time ... [ ok ] Restarting OpenBSD Secure Shell server: sshd.

Rotonen commented 9 years ago

Arch Linux has a systemd solution for this.

https://github.com/rookus/systemd-arch-units/blob/master/service/sshdgenkeys.service https://github.com/rookus/systemd-arch-units/blob/master/scripts/sshdgenkeys

I'd personally replace the sshdgenkeys script with ssh-keygen -A.

From the man page of ssh-keygen:

     -A      For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key
             file path, an empty passphrase, default bits for the key type, and default comment.  This is used by /etc/rc to generate new host
             keys.