Remove SSH host keys after installing the custom version of sshd (#10633)
* Remove SSH host keys after installing the custom version of sshd Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com> * Use an override for sshd instead of overwriting the service file Don't overwrite upstream's .service file, and instead use an override file for making sure the host key(s) are generated. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
parent
672db8d416
commit
64187a1b15
@ -407,7 +407,8 @@ sudo sed -i 's/LOAD_KEXEC=true/LOAD_KEXEC=false/' $FILESYSTEM_ROOT/etc/default/k
|
|||||||
## Remove sshd host keys, and will regenerate on first sshd start
|
## Remove sshd host keys, and will regenerate on first sshd start
|
||||||
sudo rm -f $FILESYSTEM_ROOT/etc/ssh/ssh_host_*_key*
|
sudo rm -f $FILESYSTEM_ROOT/etc/ssh/ssh_host_*_key*
|
||||||
sudo cp files/sshd/host-ssh-keygen.sh $FILESYSTEM_ROOT/usr/local/bin/
|
sudo cp files/sshd/host-ssh-keygen.sh $FILESYSTEM_ROOT/usr/local/bin/
|
||||||
sudo cp -f files/sshd/sshd.service $FILESYSTEM_ROOT/lib/systemd/system/ssh.service
|
sudo mkdir $FILESYSTEM_ROOT/etc/systemd/system/ssh.service.d
|
||||||
|
sudo cp files/sshd/override.conf $FILESYSTEM_ROOT/etc/systemd/system/ssh.service.d/override.conf
|
||||||
# Config sshd
|
# Config sshd
|
||||||
# 1. Set 'UseDNS' to 'no'
|
# 1. Set 'UseDNS' to 'no'
|
||||||
# 2. Configure sshd to close all SSH connetions after 15 minutes of inactivity
|
# 2. Configure sshd to close all SSH connetions after 15 minutes of inactivity
|
||||||
|
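Review bot: The new `sudo mkdir $FILESYSTEM_ROOT/etc/systemd/system/ssh.service.d` fails if the directory already exists, and the `cp` after it leaves the drop-in's mode to whatever the source checkout and umask provide. This drop-in sets the `ExecStartPre` commands for the ssh unit, so its permissions are worth pinning rather than inheriting. A single `sudo install -D -m 0644 files/sshd/override.conf "$FILESYSTEM_ROOT/etc/systemd/system/ssh.service.d/override.conf"` creates the directory idempotently and sets the mode explicitly. The same reasoning applies, with mode 0755, to the existing copy of `host-ssh-keygen.sh` a few lines up, since the override runs that script before sshd starts.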
@ -329,6 +329,11 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
|
|||||||
# Install custom-built openssh sshd
|
# Install custom-built openssh sshd
|
||||||
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_*.deb
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_*.deb
|
||||||
|
|
||||||
|
# Remove sshd host keys, and will regenerate on first sshd start. This needs to be
|
||||||
|
# done again here because our custom version of sshd is being installed, which
|
||||||
|
# will regenerate the sshd host keys.
|
||||||
|
sudo rm -f $FILESYSTEM_ROOT/etc/ssh/ssh_host_*_key*
|
||||||
|
|
||||||
{% if sonic_asic_platform == 'broadcom' %}
|
{% if sonic_asic_platform == 'broadcom' %}
|
||||||
# Install custom-built flashrom
|
# Install custom-built flashrom
|
||||||
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/flashrom_*.deb
|
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/flashrom_*.deb
|
||||||
|
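Review bot: The added `sudo rm -f $FILESYSTEM_ROOT/etc/ssh/ssh_host_*_key*` is unquoted and would expand to the build host's own `/etc/ssh` if `FILESYSTEM_ROOT` were ever empty or unset in this script; `sudo rm -f "${FILESYSTEM_ROOT:?}"/etc/ssh/ssh_host_*_key*` aborts instead. The identical context line in the other build-script hunk has the same exposure. The removal also only holds if nothing later in the build re-runs the openssh-server maintainer scripts, which cannot be verified from this hunk. Host keys baked into an image would be shared by every device installed from it, so a final build step that fails when any `ssh_host_*_key*` file remains under `$FILESYSTEM_ROOT/etc/ssh` would make the guarantee explicit.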
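--- a/files/sshd/override.conf
+++ b/files/sshd/override.conf
@@ -0,0 +1,4 @@
+[Service]
+ExecStartPre=
+ExecStartPre=/usr/local/bin/host-ssh-keygen.sh
+ExecStartPre=/usr/sbin/sshd -t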
@ -1,18 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=OpenBSD Secure Shell server
|
|
||||||
After=network.target auditd.service
|
|
||||||
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
EnvironmentFile=-/etc/default/ssh
|
|
||||||
ExecStartPre=-/usr/local/bin/host-ssh-keygen.sh
|
|
||||||
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
|
|
||||||
ExecReload=/bin/kill -HUP $MAINPID
|
|
||||||
KillMode=process
|
|
||||||
Restart=on-failure
|
|
||||||
RuntimeDirectory=sshd
|
|
||||||
RuntimeDirectoryMode=0755
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
Alias=sshd.service
|
|