Re: Empty (zero byte) SSH host keys

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Wed, 6 Jan 2016, Benjamin Drung wrote:

> Hi,
> 
> We create virtual machine image templates by doing automated minimal
> installations of different Linux distributions (via
> preseed/kickstarter/autoyast). At the end of the installation, we
> remove the SSH host keys (rm -f /etc/ssh/ssh*_key*). Fresh SSH host
> keys will be generated on the first boot of the image instances. This
> is done by adding a "dpkg-reconfigure openssh-server" call in
> /etc/rc.local (which calls ssh-keygen) on Debian/Ubuntu and by the init
> script of sshd on the other distributions.
> 
> This leads to working SSH server running on the virtual machines most
> of the times, but sometimes the SSH connection fails with "connection
> reset by peer". The investigation of Debian 7 "wheezy" images showed
> that these faulty machines have empty (zero byte) SSH host key files.
> These files do not exist before the machines are started, but they do
> exist before "dpkg-reconfigure openssh-server" is called.
> 
> So it seems that some process creates these empty SSH host key files.
> Can you help to further debugging this strange behavior? Does sshd
> create SSH host keys?

No, sshd only reads and never writes host keys. It's possible that
either ssh-keygen is failing during writing the keys out or there
is some bug in the init script that is calling it.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux