diff --git a/elements/runtime-ssh-host-keys/element-deps b/elements/runtime-ssh-host-keys/element-deps
index 3a027762..69a71fde 100644
--- a/elements/runtime-ssh-host-keys/element-deps
+++ b/elements/runtime-ssh-host-keys/element-deps
@@ -1 +1,2 @@
 dib-init-system
+install-static
diff --git a/elements/runtime-ssh-host-keys/init-scripts/systemd/ssh-keygen.service b/elements/runtime-ssh-host-keys/init-scripts/systemd/ssh-keygen.service
index 90a83136..ef2201bc 100644
--- a/elements/runtime-ssh-host-keys/init-scripts/systemd/ssh-keygen.service
+++ b/elements/runtime-ssh-host-keys/init-scripts/systemd/ssh-keygen.service
@@ -2,19 +2,8 @@
 Description=OpenSSH Server Key Generation
 Before=ssh.service
-ConditionPathExists=|!/etc/ssh/ssh_host_key
-ConditionPathExists=|!/etc/ssh/ssh_host_key.pub
-ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
-ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
-ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
-ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub
-ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
-ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
-ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
-ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
-
 [Service]
-ExecStart=/usr/bin/ssh-keygen -A
+ExecStart=/usr/local/sbin/runtime-ssh-host-keys.sh
 Type=oneshot
 RemainAfterExit=yes
diff --git a/elements/runtime-ssh-host-keys/init-scripts/upstart/ssh-keygen.conf b/elements/runtime-ssh-host-keys/init-scripts/upstart/ssh-keygen.conf
index 3fa2c012..0f85e22a 100644
--- a/elements/runtime-ssh-host-keys/init-scripts/upstart/ssh-keygen.conf
+++ b/elements/runtime-ssh-host-keys/init-scripts/upstart/ssh-keygen.conf
@@ -5,4 +5,4 @@
 console output
 task
-exec /usr/bin/ssh-keygen -A
+exec /usr/local/sbin/runtime-ssh-host-keys.sh
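Review bot: With the ten `ConditionPathExists` lines removed from ssh-keygen.service, the unit now starts on every boot and the "skip keys that already exist" decision lives only inside runtime-ssh-host-keys.sh, which a reader of the unit file cannot see. A one-line comment above the new `ExecStart=`, e.g. `# Runs on every boot; the script itself skips host keys that already exist`, would keep that contract visible, and the same comment fits above `exec` in the upstart job in the third hunk. It would also help to mention that `/usr/local/sbin/runtime-ssh-host-keys.sh` is placed by the `install-static` dependency added in the first hunk, since the unit otherwise points at a path nothing in this directory installs.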
diff --git a/elements/runtime-ssh-host-keys/static/usr/local/sbin/runtime-ssh-host-keys.sh b/elements/runtime-ssh-host-keys/static/usr/local/sbin/runtime-ssh-host-keys.sh
new file mode 100755
index 00000000..4fa2374d
--- /dev/null
+++ b/elements/runtime-ssh-host-keys/static/usr/local/sbin/runtime-ssh-host-keys.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+# dib-lint: disable=dibdebugtrace
+
+set -exu
+set -o pipefail
+
+# We are running into race conditions with glean, which ssh-keygen -A is
+# not handling properly. So, create a new script to first check if the
+# file exists, then use 'yes' to disable overwriting of existing files.
+
+for key in dsa ecdsa ed25519 rsa; do
+    FILE=/etc/ssh/ssh_host_${key}_key
+    if ! [ -e $FILE ]; then
+        /usr/bin/yes n | /usr/bin/ssh-keygen -f $FILE -N '' -t $key
+    fi
+done
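Review bot: The `/usr/bin/yes n | /usr/bin/ssh-keygen …` pipeline in the for loop runs under `set -e` and `set -o pipefail`, so it is likely to abort the script on the first key it actually generates: ssh-keygen does not read stdin when there is no overwrite prompt, `yes` then gets a broken pipe once ssh-keygen exits, and pipefail surfaces that non-zero status to `set -e`. The refusal path has the same effect, because ssh-keygen exits 1 after an `n` answer, so a key that glean wrote between the `-e` test and the ssh-keygen call would also fail the unit rather than be silently skipped. Redirecting stdin from `/dev/null` keeps the no-overwrite guard without a second process in the pipeline, since ssh-keygen treats EOF at the prompt as a refusal: `/usr/bin/ssh-keygen -f "$FILE" -N '' -t "$key" </dev/null`, and quoting `$FILE` and `$key` in both the `[ -e $FILE ]` test and that call is worth doing while here even though the values are fixed strings. Whether a refusal should remain fatal for the service or be tolerated with an explicit, commented `|| true` is a decision the script should state in a comment next to the call, as the current text only explains why `yes` is used.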