[Bug 1778386] Re: If SSH host keys are missing, they should automatically regenerate at boot time
Colin Watson
cjwatson at canonical.com
Sun Jun 24 13:14:45 UTC 2018
I've always specifically refused to do this because it's very common for
insufficient entropy to be available at boot time, resulting in weak
host keys on systems that have been configured this way. There was an
academic study a while back of weak host keys on the internet where this
sort of thing was one of the likely causes.

You can configure your own VMs to do this kind of thing via cloud-init
or whatever, but I'm afraid I don't intend to put it in the default
configuration.

** Project changed: launchpad => openssh (Ubuntu)

** Changed in: openssh (Ubuntu)
       Status: New => Won't Fix

--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1778386

Title:
  If SSH host keys are missing, they should automatically regenerate at
  boot time

Status in openssh package in Ubuntu:
  Won't Fix

Bug description:
  When SSH host keys are missing, they should be automatically
  regenerated at boot time so SSH functions. This is particularly
  useful if cloning VMs or using a VM template.

  I have modified the following using CentOS 7's .service file.

  /lib/systemd/system/ssh-keygen.service :

    [Unit]
    Description=OpenSSH Server Key Generation
    # Run only when at least one host key file is missing or empty
    ConditionFileNotEmpty=|!/etc/ssh/ssh_host_rsa_key
    ConditionFileNotEmpty=|!/etc/ssh/ssh_host_ecdsa_key
    ConditionFileNotEmpty=|!/etc/ssh/ssh_host_ed25519_key
    PartOf=ssh.service sshd.socket

    [Service]
    ExecStart=/usr/sbin/dpkg-reconfigure openssh-server
    Type=oneshot
    RemainAfterExit=yes

  And added the following to ssh.service.

  /lib/systemd/system/ssh.service :

    [Unit]
    ...
    After=network.target ssh-keygen.service
    ...
    Wants=ssh-keygen.service
    ...

  I have tested this and it is working.