Message ID | 20211118115025.182309-1-Quirin.Gylstorff@siemens.com |
---|---|
State | Rejected, archived |
Series | sshd-regen-keys: Disable service after it run once |
On Thu, 18 Nov 2021 12:50:25 +0100, "Q. Gylstorff" <Quirin.Gylstorff@siemens.com> wrote:

> From: Quirin Gylstorff <quirin.gylstorff@siemens.com>
>
> sshd-regen-keys is executed every time the system boots.
> This leads to new system ssh keys every boot.

New keys on every boot should not happen!

SSH-KEYGEN(1)
-A For each of the key types (rsa, dsa, ecdsa and ed25519) for which host keys do not exist, ...

So yes, you will see the service active/enabled/running but the keys should only be created on the first boot. If not, please share your distro and version of ssh-keygen. (maybe it differs across versions)

Henning

> Revert to the behavior to before
> commit d700bf83042c57efdc4f4721f56d078433ce6b1d sshd-regen-keys:
> Improve service, make more robust
>
> and disable the service after it was executed.
>
> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
> --- > .../sshd-regen-keys/files/sshd-regen-keys.service | 1 > + .../{sshd-regen-keys_0.4.bb => sshd-regen-keys_0.5.bb} | 0 > 2 files changed, 1 insertion(+) > rename meta/recipes-support/sshd-regen-keys/{sshd-regen-keys_0.4.bb > => sshd-regen-keys_0.5.bb} (100%) > > diff --git > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > index 5c2ccff7..b38e6edc 100644 --- > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > +++ > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > @@ -11,6 +11,7 @@ ConditionPathIsReadWrite=/etc Type=oneshot > RemainAfterExit=yes ExecStart=/usr/bin/ssh-keygen -A > +ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service > [Install] > WantedBy=sysinit.target 
> diff --git > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.4.bb > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.5.bb > similarity index 100% rename from > meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.4.bb rename to > meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.5.bb
diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service index 5c2ccff7..b38e6edc 100644 --- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service @@ -11,6 +11,7 @@ ConditionPathIsReadWrite=/etc Type=oneshot RemainAfterExit=yes ExecStart=/usr/bin/ssh-keygen -A +ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service [Install] WantedBy=sysinit.target diff --git a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.4.bb b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.5.bb similarity index 100% rename from meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.4.bb rename to meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.5.bb
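Review bot: The added `ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service` line is not justified by anything visible in the unit. `ExecStart=/usr/bin/ssh-keygen -A` only creates host keys for key types whose files are missing, so a second run on a system that keeps its keys should be a no-op. Please state in the commit message the setup on which the keys actually change on every boot. Self-disabling also has a cost: if the host keys are removed later, nothing regenerates them on the next boot. The leading `-` means a failed disable is ignored, so the unit can stay enabled with no trace in its result. The change also rewrites enablement state under /etc at runtime, so the running system no longer matches the built image. If run-once semantics are really wanted, consider a start condition on the missing key files instead of having the unit disable itself.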