On Tue, Aug 24, 2010 at 12:23:52PM +0200, Michael Prokop wrote:
> Package: openssh-server
> Version: 1:5.5p1-4
> Severity: wishlist
>
>
> I mentioned this issue in my talk "State of Debian (based) Linux
> live systems in 2010" at Debconf10. Colin suggested to talk about
> it later on, so I'm reporting this as a wishlist item.
>
> It would be nice if the sshd init script would support generation of
> ssh host keys - iff there aren't any keys present yet.
>
> The (main) use case for this feature are live systems where you
> usually don't want to ship pre-generated keys on one hand, on the
> other hand not everyone wants to generate the host keys
> automatically on each boot (consuming time and resources).
>
> Taking care of key generation as someone invokes '/etc/init.d/ssh
> start' works fine for the Grml live systems and its users. What
> we're doing is something as simple as:
>
> ,---- [ relevant snippet of Grml's ssh initscript ]
> | RSA1_KEY=/etc/ssh/ssh_host_key
> | RSA_KEY=/etc/ssh/ssh_host_rsa_key
> | DSA_KEY=/etc/ssh/ssh_host_dsa_key
> |
> | case "$1" in
> |   start)
> |     [...]
> |     if ! test -f $RSA1_KEY ; then
> |       log_action_msg "Generating SSH1 RSA host key..."
> |       $KEYGEN -t rsa1 -f $RSA1_KEY -C '' -N '' || exit 1
> |     fi
> |
> |     if ! test -f $RSA_KEY ; then
> |       log_action_msg "Generating SSH RSA host key..."
> |       $KEYGEN -t rsa -f $RSA_KEY -C '' -N '' || exit 1
> |     fi
> |
> |     if ! test -f $DSA_KEY ; then
> |       log_action_msg "Generating SSH2 DSA host key..."
> |       $KEYGEN -t dsa -f $DSA_KEY -C '' -N '' || exit 1
> |     fi
> |     [...]
> `----
>
> Would be great if that feature would be available in Debian/Ubuntu
> based (live) systems as well. :)

I wonder if we should just create an openssh-host-keys package that
ships a systemd unit/init script to create the keys (as (I think it was
Christian) suggested at debconf).

This just came up here as well:

https://www.redhat.com/archives/libguestfs/2016-July/msg00090.html

Cheers,
 -- Guido
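
The idea discussed in this thread (create host keys only when none are present), as an added example that is not part of either message and is not Grml's or Debian's script. It goes beyond the quoted snippet by treating a zero-length key file as missing and by generating under a temporary name before renaming; `ensure_host_keys`, `HOST_KEY_TYPES`, `SSH_KEY_DIR` and the overridable `KEYGEN` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: generate SSH host keys only when they are missing.
# KEYGEN, HOST_KEY_TYPES and SSH_KEY_DIR are assumed names, not from the thread's script.
KEYGEN="${KEYGEN:-ssh-keygen}"
HOST_KEY_TYPES="${HOST_KEY_TYPES:-rsa ecdsa ed25519}"

# ensure_host_keys DIR
# Prints "generated TYPE" or "kept TYPE" per key type; returns non-zero on failure.
ensure_host_keys() {
    dir="$1"
    old_umask=$(umask)
    umask 077    # the private key is never group/world readable, even briefly
    rc=0
    for type in $HOST_KEY_TYPES; do
        key="$dir/ssh_host_${type}_key"
        # -s rather than -f: an empty file left by an interrupted boot counts as missing.
        if [ -s "$key" ]; then
            echo "kept $type"
            continue
        fi
        tmp="$key.tmp.$$"
        rm -f "$tmp" "$tmp.pub"
        # Generate under a temporary name, then rename, so sshd never loads a partial key.
        if "$KEYGEN" -q -t "$type" -f "$tmp" -C '' -N '' \
            && chmod 600 "$tmp" && chmod 644 "$tmp.pub" \
            && mv -f "$tmp.pub" "$key.pub" && mv -f "$tmp" "$key"; then
            echo "generated $type"
        else
            rm -f "$tmp" "$tmp.pub"
            rc=1
            break
        fi
    done
    umask "$old_umask"
    return "$rc"
}

# Run only when invoked as "<script> start", the way an init script would be.
if [ "${1:-}" = "start" ]; then
    ensure_host_keys "${SSH_KEY_DIR:-/etc/ssh}" || exit 1
fi
```

An existing non-empty private key is never overwritten, so the host identity stays stable across boots on installed systems.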