Darrick Hartman wrote:
> Ken Caruso wrote:
>> Hello,
>>
>> I have a system without a USB key. I am contemplating changing the sshd
>> init script slightly to copy ssh keys when they are generated to
>> /stat/etc/ssh.
>>
>> It currently looks like this:
>>
>>
>> if [ ! -f /etc/ssh/ssh_host_key ]
>> then
>>     cp -a /stat/etc/ssh/* /etc/ssh/
>>     echo "generating ssh hostkeys..."
>>     /usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
>>     /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
>>     /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
>> fi
>>
>>
>> I am thinking about changing it to:
>>
>> if [ ! -f /etc/ssh/ssh_host_key ]
>> then
>>     cp -a /stat/etc/ssh/* /etc/ssh/
>>     echo "generating ssh hostkeys..."
>>     /usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
>>     /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
>>     /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
>>     cp -a /etc/ssh/ssh_host_dsa_key.pub /stat/etc/ssh/
>>     cp -a /etc/ssh/ssh_host_dsa_key /stat/etc/ssh/
>>     cp -a /etc/ssh/ssh_host_key.pub /stat/etc/ssh/
>>     cp -a /etc/ssh/ssh_host_key /stat/etc/ssh/
>>     cp -a /etc/ssh/ssh_host_rsa_key.pub /stat/etc/ssh/
>>     cp -a /etc/ssh/ssh_host_rsa_key /stat/etc/ssh/
>> fi
>>
>> So if the keys are generated they are copied to /stat/etc/ssh so
>> keep after a reboot. Any potential problems this might cause?
> I can understand not wanting to use a USB flash device for a key disk,
> but not using a keydisk partition at all, just doesn't make any sense.
> This project is designed to have a read-only area and a writable area
> for configuration data (and things like ssh keys). If you don't want to
> use a separate device, at least create a second partition on your CF
> drive and use that as the key disk. If you need help doing that, I'm
> sure several of us will get you pointed in the right direction.

Well actually this was the first time I had set up an astlinux box without the USB key so I was unaware of the option to pass the partition as a kernel parameter at boot. But I have figured that out. So I am now using hda3 as /mnt/kd/.

What I am trying to achieve is this: in a scenario where I deploy a bunch of these boxes, I want to have the box automatically generate the ssh keys if and then copy them to /mnt/kd (or stat in the previous question) automatically. Ideally I could run "genkd" on one machine, make a copy of its image, erase the ssh keys, so every other machine I use the image on already has hda3 mounted at /mnt/kd and will on first boot generate the keys and copy them to /mnt/kd. It seems like that would be reasonable first boot behavior.

-Ken

>
> Darrick
>
_______________________________________________
Astlinux-users mailing list
http://lists.kriscompanies.com/mailman/listinfo/astlinux-users
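
One way to get the first-boot behaviour described in this thread, as an added example that is not part of the thread or AstLinux's own init script: host keys are restored from the key disk when present, generated and persisted only when absent, and the caller first confirms the key disk is really mounted. The function names, the /mnt/kd/ssh subdirectory and the rsa/ed25519 key types (used in place of the thread's rsa1/dsa, which recent OpenSSH releases have dropped) are assumptions.

```shell
#!/bin/sh
# Added example, not AstLinux's own init script.
KEYGEN=${KEYGEN:-/usr/bin/ssh-keygen}    # overridable, e.g. for testing
KEY_TYPES=${KEY_TYPES:-"rsa ed25519"}    # assumption: types a current OpenSSH accepts

# is_mounted DIR: succeed only if DIR is a mount point listed in /proc/mounts.
# Guards against writing keys into the directory underneath an unmounted key disk.
is_mounted() {
    awk -v d="$1" '$2 == d { found = 1 } END { exit !found }' /proc/mounts
}

# ensure_host_keys LIVE_DIR PERSIST_DIR
# Reuse persisted keys if present; otherwise generate fresh ones and persist them.
# The body runs in a subshell so the umask change does not leak to the caller.
ensure_host_keys() (
    live=$1 persist=$2
    umask 077
    mkdir -p "$live" "$persist" || return 1
    for t in $KEY_TYPES; do
        key=ssh_host_${t}_key
        if [ -s "$persist/$key" ]; then
            # Normal boot: restore, so the host identity stays stable.
            cp -p "$persist/$key" "$persist/$key.pub" "$live/" || return 1
        else
            # First boot: drop any key baked into a cloned image, then generate.
            rm -f "$live/$key" "$live/$key.pub"
            "$KEYGEN" -q -t "$t" -N '' -f "$live/$key" || return 1
            # Persist via temp name + rename, private key last, so a power
            # loss never leaves a private key on disk that looks complete
            # but is truncated or lacks its .pub.
            for f in "$key.pub" "$key"; do
                cp -p "$live/$f" "$persist/.$f.tmp" &&
                    mv "$persist/.$f.tmp" "$persist/$f" || return 1
            done
        fi
        chmod 600 "$live/$key" "$persist/$key" || return 1
        chmod 644 "$live/$key.pub" "$persist/$key.pub" || return 1
    done
    sync
)

# In the sshd init script (not run here; /mnt/kd/ssh is a hypothetical subdirectory):
#   is_mounted /mnt/kd && ensure_host_keys /etc/ssh /mnt/kd/ssh
```

If `is_mounted` fails, skipping key generation and logging the error is safer than generating keys that vanish at the next reboot, since a host key that changes on every boot teaches users to ignore the client's host-key warning.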
