Ensure cloud-init is configured to generate host keys

It may happen that a base image has an edited version of cloud-init "cloud.cfg" that prevents the host keys from being generated. While it didn't represent an issue with older releases of cloud-init, starting with cloud-init-22 this isn't true anymore. Before that release, an sshd-keygen@.service was present and called by sshd-keygen.target (which was called by sshd.service), and we ended up with ssh host keys in any case - either generated from cloud-init, or generated by sshd-keygen.service. But cloud-init-22 introduced an edit to the sshd-keygen.service, making it check for the presence of cloud-init service, and preventing this sshd-keygen from kicking in in this case. So we'd better ensure cloud-init is able to generate the keys, else we'll be in a bad state, since it's instructed to remove the ones present.

Closes-Bug: #1971751
Change-Id: I37b2f3e9d57a86544ef14e74a4a927309c18bbf0
parent d3ce32016a
commit 6645f47db4
@ -0,0 +1,15 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
||||||
|
set -x
|
||||||
|
fi
|
||||||
|
set -eu
|
||||||
|
set -o pipefail
|
||||||
|
|
||||||
|
# Set cloud-init to generate ssh authkeys
|
||||||
|
if [ -f "/etc/cloud/cloud.cfg" ]; then
|
||||||
|
echo "Ensure ssh_genkeytypes is not present"
|
||||||
|
sudo sed -i '/ssh_genkeytypes/d' /etc/cloud/cloud.cfg
|
||||||
|
echo "Ensure ssh_genkeytypes value"
|
||||||
|
echo "ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']" | sudo tee -a /etc/cloud/cloud.cfg
|
||||||
|
fi
|
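Review bot: The `sed -i '/ssh_genkeytypes/d'` step deletes only the lines that contain the key name, so it is safe only when the existing setting is written on a single line. If the image's cloud.cfg uses a block-style list (the `ssh_genkeytypes:` key followed by `- rsa` style items on their own lines), those items are left behind as orphaned lines, which can make the file invalid YAML or change the meaning of the preceding key, and a cloud.cfg that no longer parses as intended risks the same missing-host-keys state this script is meant to prevent. Consider removing the whole block rather than the matching line, and checking that the file still parses after the edit. Two smaller points: the comment says "ssh authkeys" while `ssh_genkeytypes` controls host key generation, and `tee -a` will join the new setting onto the last existing line if cloud.cfg does not end with a newline.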