From 6645f47db47d188df08830a95f8e0aaca53ea7dc Mon Sep 17 00:00:00 2001
From: Cédric Jeanneret
Date: Fri, 6 May 2022 09:13:01 +0200
Subject: [PATCH] Ensure cloud-init is configured to generate host keys

It may happen that a base image has an edited version of cloud-init "cloud.cfg" that prevents the host keys from being generated. While it didn't represent an issue with older releases of cloud-init, starting with cloud-init-22 this isn't true anymore.

Before that release, an sshd-keygen@.service was present and called by sshd-keygen.target (which was called by sshd.service), and we ended up with ssh host keys in any case - either generated from cloud-init, or generated by sshd-keygen.service.

But cloud-init-22 introduced an edit to the sshd-keygen.service, making it check for the presence of the cloud-init service, and preventing sshd-keygen from kicking in in this case.

So we'd better ensure cloud-init is able to generate the keys, else we'll be in a bad state, since it's instructed to remove the ones present.

Closes-Bug: #1971751
Change-Id: I37b2f3e9d57a86544ef14e74a4a927309c18bbf0
---
 .../post-install.d/22-cloud-init-ssh_genkeytypes | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100755 diskimage_builder/elements/cloud-init/post-install.d/22-cloud-init-ssh_genkeytypes

diff --git a/diskimage_builder/elements/cloud-init/post-install.d/22-cloud-init-ssh_genkeytypes b/diskimage_builder/elements/cloud-init/post-install.d/22-cloud-init-ssh_genkeytypes
new file mode 100755
index 00000000..832ddbfe
--- /dev/null
+++ b/diskimage_builder/elements/cloud-init/post-install.d/22-cloud-init-ssh_genkeytypes
@@ -0,0 +1,15 @@ +#!/bin/bash + +if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then + set -x +fi +set -eu +set -o pipefail + +# Set cloud-init to generate ssh authkeys +if [ -f "/etc/cloud/cloud.cfg" ]; then + echo "Ensure ssh_genkeytypes is not present" + sudo sed -i '/ssh_genkeytypes/d' /etc/cloud/cloud.cfg + echo "Ensure ssh_genkeytypes value" + echo "ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']" | sudo tee -a /etc/cloud/cloud.cfg +fi
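Review bot: the `sudo sed -i '/ssh_genkeytypes/d' /etc/cloud/cloud.cfg` line only deletes lines containing that substring, so an existing block-style setting (`ssh_genkeytypes:` followed by indented `- rsa` style items) loses its key line but keeps the orphaned list items, and the `ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']` line appended afterwards then lands in a file that is no longer valid YAML; a line that merely mentions the key in a comment is deleted as well. Suggest anchoring the pattern to the key (`/^ssh_genkeytypes:/d`), removing any indented `- ` items that directly follow it, and validating the rewritten cloud.cfg with a YAML parser before the build continues, since a broken cloud.cfg would defeat the purpose of the change. The `tee -a` append also assumes cloud.cfg ends with a trailing newline; if it does not, the new key is glued onto the previous last line and never takes effect.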