Ken Caruso wrote:
Darrick Hartman wrote:
Ken Caruso wrote:
Hello,

I have a system without a USB key. I am contemplating changing the sshd
init script slightly to copy ssh keys when they are generated to
/stat/etc/ssh.

It currently looks like this:


if [ ! -f /etc/ssh/ssh_host_key ]
then
cp -a /stat/etc/ssh/* /etc/ssh/
echo "generating ssh hostkeys..."
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
/usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
fi


I am thinking about changing it to:

if [ ! -f /etc/ssh/ssh_host_key ]
then
cp -a /stat/etc/ssh/* /etc/ssh/
echo "generating ssh hostkeys..."
/usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
/usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
cp -a /etc/ssh/ssh_host_dsa_key.pub /stat/etc/ssh/
cp -a /etc/ssh/ssh_host_dsa_key /stat/etc/ssh/
cp -a /etc/ssh/ssh_host_key.pub /stat/etc/ssh/
cp -a /etc/ssh/ssh_host_key /stat/etc/ssh/
cp -a /etc/ssh/ssh_host_rsa_key.pub /stat/etc/ssh/
cp -a /etc/ssh/ssh_host_rsa_key /stat/etc/ssh/
fi

So if the keys are generated they are copied to /stat/etc/ssh so they are
kept after a reboot. Any potential problems this might cause?
I can understand not wanting to use a USB flash device for a key disk, but not using a keydisk partition at all, just doesn't make any sense. This project is designed to have a read-only area and a writable area for configuration data (and things like ssh keys). If you don't want to use a separate device, at least create a second partition on your CF drive and use that as the key disk. If you need help doing that, I'm sure several of us will get you pointed in the right direction.

Well actually this was the first time I had set up an astlinux box
without the USB key, so I was unaware of the option to pass the partition
as a kernel parameter at boot. But I have figured that out. So I am now
using hda3 as /mnt/kd/.

What I am trying to achieve is this: in a scenario where I deploy a
bunch of these boxes, I want to have the box automatically generate the
ssh keys and then copy them to /mnt/kd (or /stat in the previous
question) automatically. Ideally I could run "genkd" on one machine,
make a copy of its image, and erase the ssh keys, so every other machine I
use the image on already has hda3 mounted at /mnt/kd and will on first
boot generate the keys and copy them to /mnt/kd. It seems like that would
be reasonable first boot behavior.

-Ken



Darrick
When you run genkd, it creates the keydisk (or keydisk partition) and copies over the necessary files, but unless I'm mistaken (sorry, no access to an astlinux box here) the ssh keys are not generated until sshd starts AFTER you reboot. So, is there any problem with running genkd, shutting down, then making the copy of the image? On first boot everything is automagically set up for _that_ box, while your image remains particular-installation-agnostic.

Clint
_______________________________________________
Astlinux-users mailing list
[email protected]
http://lists.kriscompanies.com/mailman/listinfo/astlinux-users
