The solution I'm going to implement is to remove ssh keys from the image, so
there will be no "built-in hostkeys".
In testing, the ssh server will then still start, but attempts to ssh to it
will fail:

  $ sudo rm /etc/ssh/ssh_host_rsa_key*
  $ sudo stop ssh
  $ sudo start ssh
  $ ssh localhost; echo $?
  Read from socket failed: Connection reset by peer
  255
  $ sudo ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N "";
  Generating public/private rsa key pair.
  ...
  $ ssh localhost
  The authenticity of host 'localhost (127.0.0.1)' can't be established.
  RSA key fingerprint is 32:44:17:eb:21:5d:a1:d3:e9:c0:57:f9:1e:e3:ce:a8.
  Are you sure you want to continue connecting (yes/no)?
  ...

I think this is good enough, it means that the window is still present, but
 a.) in the window there will be no ssh keys reported by 'ssh' or 'ssh-keyscan'
 b.) 'ssh host /bin/true' will exit with non-zero
 c.) when keys are available, ssh server picks them up.

** Changed in: ec2-init (Ubuntu)
Status: Confirmed => In Progress
** Changed in: ec2-init (Ubuntu)
Milestone: None => lucid-alpha-3
** Changed in: ec2-init (Ubuntu)
Assignee: (unassigned) => Scott Moser (smoser)
--
ssh is started before hostkey is installed/regenerated
https://bugs.launchpad.net/bugs/512377
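
A build-time check for the fix described above (no host keys shipped in the image), as an added example that is not from the bug report or from ec2-init. The function names and the IMAGE_ROOT argument are assumptions, and the glob generalizes the report's ssh_host_rsa_key* to every host key type.

```shell
#!/bin/sh
# Added example: fail an image build if SSH host keys are baked into the image.
# IMAGE_ROOT (a mounted or unpacked image root) is an assumption of this example.

# Print every host key file found under IMAGE_ROOT/etc/ssh.
# Returns 0 when the image is clean, 1 when keys are present, 2 on usage error.
check_no_baked_hostkeys() {
    root=$1
    [ -n "$root" ] && [ -d "$root" ] || {
        echo "usage: check_no_baked_hostkeys IMAGE_ROOT" >&2
        return 2
    }
    found=0
    # ssh_host_*key* matches private keys and their .pub halves for all key types
    for f in "$root"/etc/ssh/ssh_host_*key*; do
        # An unmatched glob stays literal, so confirm the path really exists
        [ -e "$f" ] || [ -L "$f" ] || continue
        echo "baked-in host key: $f"
        found=1
    done
    return "$found"
}

# Constructed demo: two fake image roots in a temp dir, one clean and one not.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/clean/etc/ssh" "$tmp/dirty/etc/ssh"
    : > "$tmp/clean/etc/ssh/sshd_config"
    : > "$tmp/dirty/etc/ssh/ssh_host_rsa_key"
    : > "$tmp/dirty/etc/ssh/ssh_host_rsa_key.pub"
    check_no_baked_hostkeys "$tmp/clean" && clean_rc=0 || clean_rc=$?
    check_no_baked_hostkeys "$tmp/dirty" && dirty_rc=0 || dirty_rc=$?
    rm -rf "$tmp"
    echo "clean=$clean_rc dirty=$dirty_rc"
}

demo
```
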