I've always specifically refused to do this because it's very common for
insufficient entropy to be available at boot time, resulting in weak
host keys on systems that have been configured this way.  There was an
academic study a while back of weak host keys on the internet where this
sort of thing was one of the likely causes.

You can configure your own VMs to do this kind of thing via cloud-init
or whatever, but I'm afraid I don't intend to put it in the default
configuration.

** Project changed: launchpad => openssh (Ubuntu)

** Changed in: openssh (Ubuntu)
       Status: New => Won't Fix

https://bugs.launchpad.net/bugs/1778386

Title:
  If SSH host keys are missing, they should automatically regenerate at
  boot time

Status in openssh package in Ubuntu:
  Won't Fix

Bug description:
  When SSH host keys are missing, they should be automatically
  regenerated at boot time so SSH functions.  This is particularly
  useful if cloning VMs or using a VM template.

  I have modified the following using CentOS 7's .service file.

  /lib/systemd/system/ssh-keygen.service :

  [Unit]
  Description=OpenSSH Server Key Generation
  ConditionFileNotEmpty=|!/etc/ssh/ssh_host_rsa_key
  ConditionFileNotEmpty=|!/etc/ssh/ssh_host_ecdsa_key
  ConditionFileNotEmpty=|!/etc/ssh/ssh_host_ed25519_key
  PartOf=ssh.service sshd.socket

  [Service]
  ExecStart=/usr/sbin/dpkg-reconfigure openssh-server
  Type=oneshot
  RemainAfterExit=yes

  And added the following to ssh.service.

  /lib/systemd/system/ssh.service :
  [Unit]
  ...
  After=network.target ssh-keygen.service
  ...
  Wants=ssh-keygen.service
  ...

  I have tested this and it is working.
