
sshd-regen-keys: Improve service, make more robust

Switch to using "/usr/bin/ssh-keygen -A" instead of dpkg-reconfigure.
With this we would generate new host keys every time the service starts
and no keys exist. Removing the keys from openssh-server in a postinst
makes it complete so that we really only generate on the first boot.

This is easier to handle than reusing the debian package hooks for key
generation.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
Henning Schild 4 年之前
父節點
當前提交
d700bf8304

+ 2 - 0
meta/recipes-support/sshd-regen-keys/files/postinst

@@ -1,4 +1,6 @@
 #!/bin/sh
 set -e
 
+rm /etc/ssh/ssh_host_*_key*
+
 systemctl enable sshd-regen-keys.service
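Review bot: The added `rm /etc/ssh/ssh_host_*_key*` runs under `set -e` without `-f`, so when no host keys exist the unmatched glob is passed literally, rm exits non-zero and the postinst (and with it the package configuration) aborts; `rm -f /etc/ssh/ssh_host_*_key*` avoids that. The line also runs on every configure, including an upgrade of this package on a deployed system, where it would delete the existing host keys and cause a new host identity to be generated on the next service start, leaving clients with host-key-changed warnings. If removal is meant for first installation only, guard it, for example `if [ "$1" = configure ] && [ -z "$2" ]; then rm -f /etc/ssh/ssh_host_*_key*; fi`.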

+ 1 - 3
meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service

@@ -9,9 +9,7 @@ ConditionPathIsReadWrite=/etc
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-Environment=DEBIAN_FRONTEND=noninteractive
-ExecStart=/usr/sbin/sshd-regen-keys.sh
-ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service
+ExecStart=/usr/bin/ssh-keygen -A
 StandardOutput=syslog
 StandardError=syslog
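Review bot: With the `ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service` line removed, the unit stays enabled and runs `ssh-keygen -A` on every boot, which is safe only because `-A` creates just the host key types that are missing; that deserves a comment above `ExecStart`, such as `# ssh-keygen -A only creates missing host keys, so this is a no-op once keys exist`. Because the postinst now deletes the keys shipped by openssh-server, sshd has no host keys until this unit has run, and when `ConditionPathIsReadWrite=/etc` is false the unit is skipped and none are generated. The [Unit] section lies outside the hunk, so it is worth confirming there that the unit is ordered before the ssh service and deciding what should happen on a read-only /etc.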
 

+ 0 - 20
meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh

@@ -1,20 +0,0 @@
-#!/usr/bin/env sh
-
-echo -n "SSH server is "
-if systemctl is-enabled ssh; then
-    SSHD_ENABLED="true"
-    systemctl disable --no-reload ssh
-fi
-
-echo "Removing keys ..."
-rm -v /etc/ssh/ssh_host_*_key*
-
-echo "Regenerating keys ..."
-dpkg-reconfigure openssh-server
-
-if test -n $SSHD_ENABLED; then
-    echo "Reenabling ssh server ..."
-    systemctl enable --no-reload ssh
-fi
-
-sync

+ 0 - 17
meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.3.bb

@@ -1,17 +0,0 @@
-# This software is a part of ISAR.
-inherit dpkg-raw
-
-DESCRIPTION = "Systemd service to regenerate sshd keys"
-MAINTAINER = "isar-users <isar-users@googlegroups.com>"
-DEBIAN_DEPENDS = "openssh-server, systemd"
-
-SRC_URI = "file://postinst \
-           file://sshd-regen-keys.service \
-           file://sshd-regen-keys.sh"
-
-do_install[cleandirs] = "${D}/lib/systemd/system \
-                         ${D}/usr/sbin"
-do_install() {
-    install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" "${D}/lib/systemd/system/sshd-regen-keys.service"
-    install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" "${D}/usr/sbin/sshd-regen-keys.sh"
-}

+ 14 - 0
meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.4.bb

@@ -0,0 +1,14 @@
+# This software is a part of ISAR.
+inherit dpkg-raw
+
+DESCRIPTION = "Systemd service to regenerate sshd keys"
+MAINTAINER = "isar-users <isar-users@googlegroups.com>"
+DEBIAN_DEPENDS = "openssh-server, systemd"
+
+SRC_URI = "file://postinst \
+           file://sshd-regen-keys.service"
+
+do_install() {
+    install -d -m 0755 "${D}/lib/systemd/system"
+    install -m 0644 "${WORKDIR}/sshd-regen-keys.service" "${D}/lib/systemd/system/sshd-regen-keys.service"
+}