[Bug 876910] Re: When starting open ssh server without host keys in /etc/ssh/, the keys are not automatically generated.

Jon 876910 at bugs.launchpad.net
Tue Oct 18 19:10:18 UTC 2011


Hello Clint,

>> No, upstart jobs are designed to be short and pointed ways to define how
>> a daemon starts and stops. /etc/init.d is only for backward compatibility
>> in an upstart system. The ssh init.d script was left the way it is because
>> of chroot jails for sshd, but it is not necessary for normal operation.

OOOHHHH! *Light Bulb*!  This makes sense.  Thanks for setting me
straight.

>> Yeah, that's probably better. What was I thinking? ;)
Sometimes it's more fun to do things the hard way. :)

>> Not sure why this isn't scalable... it's not that heavy of a command and
>> it should be idempotent.

I can't automate it.  If I can't automate it, I can't scale it well.
The problem is, for every new VM, to enable SSH this requires the SysOp to:
-- Log into the Host Machine,
-- Determine the VNC port,
-- VNC to the VM,
-- Run the command.

With enough volume, these four steps could make for a full time job.  
It's not the command itself, but the work surrounding the command.

>> I do think it's a bit odd that they are generated at install time rather than whenever they are missing,
I'm glad, I thought I was having a derp moment.  Also, checking for these files at startup adds fault tolerance, would you agree?

>> but either way, it's a well-defined
>> behavior and so can be worked with fairly easily by removing and
>> regenerating the keys at first boot. An upstart job like this
>> would probably work:

>> start on starting ssh
>> task
>> exec [ -f /etc/ssh/ssh_host_dsa_key ] || ssh-keygen -t dsa -b 4096 -f /etc/ssh/ssh_host_dsa_key -q

Is this supposed to be all on one line?  Causes ssh to hang when calling:
start ssh

Also, is there a variable that tells Ubuntu if it is first boot?  This
could potentially solve the problem since the .qcow2 will overwrite this
variable.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/876910

Title:
  When starting open ssh server without host keys in /etc/ssh/, the keys
  are not automatically generated.

Status in “openssh” package in Ubuntu:
  Incomplete

Bug description:
  System Information
  1) lsb_release -rd
  Description:    Ubuntu 11.10
  Release:        11.10

  SSH Version
  2) apt-cache policy openssh-server
  openssh-server:
    Installed: 1:5.8p1-7ubuntu1
    Candidate: 1:5.8p1-7ubuntu1
    Version table:
   *** 1:5.8p1-7ubuntu1 0
          500 http://us.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
          100 /var/lib/dpkg/status

  Expected Behavior:
  3) SSH should automatically create host keys when it detects the host keys are not present in /etc/ssh

  Observed Behavior:
  4) SSH did not generate host keys

  Solution:
  5) Created the attached patch to resolve the issue locally.  Presented as a solution to the problem.
  -- Check for existence of /etc/ssh/*_host_*
  -- create host keys unless exists

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: openssh-server 1:5.8p1-7ubuntu1
  ProcVersionSignature: Ubuntu 3.0.0-12.20-server 3.0.4
  Uname: Linux 3.0.0-12-server x86_64
  ApportVersion: 1.23-0ubuntu3
  Architecture: amd64
  Date: Mon Oct 17 16:12:28 2011
  InstallationMedia: Ubuntu-Server 11.10 "Oneiric Ocelot" - Release amd64 (20111011)
  ProcEnviron:
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssh
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.init.d.ssh: 2011-10-17T15:57:55.578332
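
The check-then-generate step from the bug description ("create host keys unless exists"), written as an added example that is not part of the original thread or the attached patch. It goes beyond the single DSA key in the quoted job by covering several key types; the function name `ensure_host_keys`, the `KEY_TYPES` variable and the key types listed are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: create only the SSH host keys that are missing, so each
# clone of a VM image ends up with its own keys without operator action.
# KEY_TYPES and the directory argument are assumptions of this sketch.
KEY_TYPES="${KEY_TYPES:-rsa ecdsa ed25519}"

# ensure_host_keys DIR: prints one line per key type, non-zero on failure.
ensure_host_keys() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not found" >&2; return 3; }
    rc=0
    for t in $KEY_TYPES; do
        key="$dir/ssh_host_${t}_key"
        # A non-empty private key with its public half is left alone, which
        # makes the function safe to run on every service start.
        if [ -s "$key" ] && [ -s "$key.pub" ]; then
            echo "kept $t"
            continue
        fi
        # Drop a partial pair (for example a zero-length file left by an
        # interrupted boot); ssh-keygen would otherwise ask about overwriting.
        rm -f "$key" "$key.pub"
        # umask 077 keeps the private key unreadable to group and others.
        # -N '' sets an empty passphrase so ssh-keygen never prompts, and
        # stdin is /dev/null so a boot-time job cannot block on input.
        if (umask 077 && ssh-keygen -q -t "$t" -N '' -f "$key" </dev/null >/dev/null 2>&1); then
            chmod 600 "$key" && chmod 644 "$key.pub"
            echo "created $t"
        else
            echo "failed $t" >&2
            rc=1
        fi
    done
    return $rc
}

# Runs only when a directory is passed, e.g. as root: sh ensure_keys.sh /etc/ssh
if [ "$#" -gt 0 ]; then
    ensure_host_keys "$1"
fi
```

For a cloned image, deleting the host keys before the image is captured lets a start-time check like this give every VM a distinct key set.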
