
Bug#594175: openssh-server: support generation of ssh host keys in init script



On Tue, Aug 24, 2010 at 12:23:52PM +0200, Michael Prokop wrote:
> Package: openssh-server
> Version: 1:5.5p1-4
> Severity: wishlist
> 
> 
> I mentioned this issue in my talk "State of Debian (based) Linux
> live systems in 2010" at Debconf10. Colin suggested to talk about
> it later on, so I'm reporting this as a wishlist item.
> 
> It would be nice if the sshd init script would support generation of
> ssh host keys - iff there aren't any keys present yet.
> 
> The (main) use case for this feature are live systems where you
> usually don't want to ship pre-generated keys on one hand, on the
> other hand not everyone wants to generate the host keys
> automatically on each boot (consuming time and resources).
> 
> Taking care of key generation as someone invokes '/etc/init.d/ssh
> start' works fine for the Grml live systems and its users. What
> we're doing is something as simple as:
> 
> ,---- [ relevant snippet of Grml's ssh initscript ]
> | RSA1_KEY=/etc/ssh/ssh_host_key
> | RSA_KEY=/etc/ssh/ssh_host_rsa_key
> | DSA_KEY=/etc/ssh/ssh_host_dsa_key
> |
> | case "$1" in
> |  start)
> | [...]
> |       if ! test -f $RSA1_KEY ; then
> |          log_action_msg "Generating SSH1 RSA host key..."
> |          $KEYGEN -t rsa1 -f $RSA1_KEY -C '' -N '' || exit 1
> |       fi
> |
> |       if ! test -f $RSA_KEY ; then
> |          log_action_msg "Generating SSH RSA host key..."
> |          $KEYGEN -t rsa -f $RSA_KEY -C '' -N '' || exit 1
> |       fi
> |
> |       if ! test -f $DSA_KEY ; then
> |          log_action_msg "Generating SSH2 DSA host key..."
> |          $KEYGEN -t dsa -f $DSA_KEY -C '' -N '' || exit 1
> |       fi
> | [...]
> `----
> 
> Would be great if that feature would be available in Debian/Ubuntu
> based (live) systems as well. :)

I wonder if we should just create an openssh-host-keys package that ships
a systemd unit/init script to create the keys (as (I think it was
Christian) suggested at debconf).

This just came up here as well:

    https://www.redhat.com/archives/libguestfs/2016-July/msg00090.html

Cheers,
 -- Guido
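
The generate-only-if-missing logic discussed in this thread, as an added example that is not Grml's or Debian's own script. It goes beyond the quoted snippet: the key types (rsa, ecdsa, ed25519), the names KEY_DIR, KEY_TYPES, ensure_host_key and ensure_host_keys are assumptions, an empty key file left by an interrupted boot counts as missing, and keys are renamed into place only once both halves exist.

```shell
#!/bin/sh
# Added example, not Grml's or Debian's init script.
# Assumed names: KEY_DIR, KEY_TYPES, ensure_host_key, ensure_host_keys.
KEYGEN=${KEYGEN:-ssh-keygen}
KEY_DIR=${KEY_DIR:-/etc/ssh}
KEY_TYPES=${KEY_TYPES:-"rsa ecdsa ed25519"}

# Create $KEY_DIR/ssh_host_<type>_key unless a non-empty one already exists.
ensure_host_key() {
    ktype=$1
    key="$KEY_DIR/ssh_host_${ktype}_key"
    # Existing key: keep it, so the host identity is stable across restarts.
    [ -s "$key" ] && return 0
    # Generate in a private scratch directory on the same filesystem and
    # rename into place, so an interrupted run never leaves a partial key.
    tmpdir=$(mktemp -d "$KEY_DIR/.hostkey.XXXXXX") || return 1
    rc=1
    if (umask 077; "$KEYGEN" -q -t "$ktype" -f "$tmpdir/key" -C '' -N '') &&
       [ -s "$tmpdir/key" ] && [ -s "$tmpdir/key.pub" ]; then
        # Public half first: the private key appearing marks completion.
        chmod 600 "$tmpdir/key" && chmod 644 "$tmpdir/key.pub" &&
            mv "$tmpdir/key.pub" "$key.pub" && mv "$tmpdir/key" "$key" && rc=0
    fi
    rm -rf "$tmpdir"
    return $rc
}

# Ensure every configured key type exists; stop at the first failure.
ensure_host_keys() {
    for t in $KEY_TYPES; do
        ensure_host_key "$t" || {
            echo "host key generation failed for type $t" >&2
            return 1
        }
    done
}

# Same hook point as the quoted snippet: only on "start".
case "${1:-}" in
    start) ensure_host_keys || exit 1 ;;
esac
```
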

