Hi,
On Wed, Sep 19, 2018 at 11:38:59AM -0400, Simon Deziel wrote:
> On 2018-09-19 05:18 AM, Guido Günther wrote:
> > Hi,
> > On Wed, Jan 10, 2018 at 10:36:51AM +0100, Guido Günther wrote:
> >> Hi,
> >> On Wed, Jul 13, 2016 at 10:27:11AM +0200, Guido Günther wrote:
> >>> On Tue, Aug 24, 2010 at 12:23:52PM +0200, Michael Prokop wrote:
> >>>> Package: openssh-server
> >>>> Version: 1:5.5p1-4
> >>>> Severity: wishlist
> >>>>
> >>>>
> >>>> I mentioned this issue in my talk "State of Debian (based) Linux
> >>>> live systems in 2010" at Debconf10. Colin suggested to talk about
> >>>> it later on, so I'm reporting this as a wishlist item.
> >>>>
> >>>> It would be nice if the sshd init script would support generation of
> >>>> ssh host keys - iff there aren't any keys present yet.
> >>>>
> >>>> The (main) use case for this feature are live systems where you
> >>>> usually don't want to ship pre-generated keys on one hand, on the
> >>>> other hand not everyone wants to generate the host keys
> >>>> automatically on each boot (consuming time and resources).
> >>>>
> >>>> Taking care of key generation as someone invokes '/etc/init.d/ssh
> >>>> start' works fine for the Grml live systems and its users. What
> >>>> we're doing is something as simple as:
> >>>>
> >>>> ,---- [ relevant snippet of Grml's ssh initscript ]
> >>>> | RSA1_KEY=/etc/ssh/ssh_host_key
> >>>> | RSA_KEY=/etc/ssh/ssh_host_rsa_key
> >>>> | DSA_KEY=/etc/ssh/ssh_host_dsa_key
> >>>> |
> >>>> | case "$1" in
> >>>> |   start)
> >>>> |     [...]
> >>>> |     if ! test -f $RSA1_KEY ; then
> >>>> |       log_action_msg "Generating SSH1 RSA host key..."
> >>>> |       $KEYGEN -t rsa1 -f $RSA1_KEY -C '' -N '' || exit 1
> >>>> |     fi
> >>>> |
> >>>> |     if ! test -f $RSA_KEY ; then
> >>>> |       log_action_msg "Generating SSH RSA host key..."
> >>>> |       $KEYGEN -t rsa -f $RSA_KEY -C '' -N '' || exit 1
> >>>> |     fi
> >>>> |
> >>>> |     if ! test -f $DSA_KEY ; then
> >>>> |       log_action_msg "Generating SSH2 DSA host key..."
> >>>> |       $KEYGEN -t dsa -f $DSA_KEY -C '' -N '' || exit 1
> >>>> |     fi
> >>>> |     [...]
> >>>> `----
> >>>>
> >>>> Would be great if that feature would be available in Debian/Ubuntu
> >>>> based (live) systems as well. :)
> >>>
> >>> I wonder if we should just create an openssh-host-keys package that ships
> >>> a systemd unit/init script to create the keys (as (I think it was
> >>> Christian) suggested at debconf).
> >>>
> >>> This just came up here as well
> >>>
> >>> https://www.redhat.com/archives/libguestfs/2016-July/msg00090.html
> >>>
> >>
> >> Michael, is grml working around this somehow? If so can you attach a
> >> link?
> >
> > I have moved things into a Debian package now:
> >
> > https://source.puri.sm/Librem5/gen-sshd-host-keys
>
> Have you tried "ssh-keygen -A" ? I believe it would be the simplest way
> to generate the missing host keys.

I want to only generate the ones enabled in sshd_config (similar to what
sshd's postinst does).
Cheers,
 -- Guido
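
Added example, not part of the original message and not the code of the gen-sshd-host-keys package or of sshd's postinst: one way to create only the host keys that sshd_config enables, instead of every default type as "ssh-keygen -A" does. The function names and the file-name-to-type mapping are assumptions of this sketch; it reads a single config file and does not follow Include or Match.

```shell
#!/bin/sh
# Added example: generate only the host keys named by HostKey directives.
# KEYGEN can be overridden, as in the Grml snippet quoted above.
KEYGEN=${KEYGEN:-ssh-keygen}

# Print the path of every active (uncommented) HostKey directive.
# Keywords in sshd_config are case-insensitive, so compare in lower case.
enabled_host_keys() {
    awk 'tolower($1) == "hostkey" && $2 != "" { print $2 }' "$1"
}

# Derive the key type from the conventional name ssh_host_<type>_key
# (assumption: keys follow that naming; anything else is rejected).
key_type_for() {
    case "${1##*/}" in
        ssh_host_rsa_key)     echo rsa ;;
        ssh_host_ecdsa_key)   echo ecdsa ;;
        ssh_host_ed25519_key) echo ed25519 ;;
        *) return 1 ;;
    esac
}

# Create each enabled key that is missing and print its path.
# An existing key is never overwritten, so the host identity is stable.
gen_missing_host_keys() {
    enabled_host_keys "$1" | while read -r key; do
        [ -f "$key" ] && continue
        ktype=$(key_type_for "$key") || {
            echo "skipping $key: cannot infer key type" >&2
            continue
        }
        "$KEYGEN" -q -t "$ktype" -f "$key" -C '' -N '' || exit 1
        echo "$key"
    done
}
```

Call gen_missing_host_keys /etc/ssh/sshd_config from the unit or init script before sshd starts; a commented-out HostKey line is treated as disabled and no key is created for it.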