On Wed, Jan 6, 2016 at 1:08 PM, Benjamin Drung
<benjamin.drung@xxxxxxxxxxxxxxxx> wrote:
> Hi,
>
> We create virtual machine image templates by doing automated minimal
> installations of different Linux distributions (via
> preseed/kickstarter/autoyast). At the end of the installation, we
> remove the SSH host keys (rm -f /etc/ssh/ssh*_key*). Fresh SSH host
> keys will be generated on the first boot of the image instances. This
> is done by adding a "dpkg-reconfigure openssh-server" call in
> /etc/rc.local (which calls ssh-keygen) on Debian/Ubuntu and by the init
> script of sshd on the other distributions.
>
> This leads to a working SSH server running on the virtual machines most
> of the time, but sometimes the SSH connection fails with "connection
> reset by peer". The investigation of Debian 7 "wheezy" images showed
> that these faulty machines have empty (zero byte) SSH host key files.
> These files do not exist before the machines are started, but they do
> exist before "dpkg-reconfigure openssh-server" is called.
>
> So it seems that some process creates these empty SSH host key files.
> Can you help to further debug this strange behavior? Does sshd
> create SSH host keys?

It could be a filesystem issue in your image generation process. Are
you doing a "sync" before recording your image? And are you using one
of the more fragile, "optimized" filesystems like ReiserFS, which is
infamous for zeroing files?

Until you discover the issue, you *could* edit the OpenSSH init
script, or /etc/sysconfig/sshd, to clear the hostkeys if they're empty
and before new keys would be auto-generated.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
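
The workaround suggested in the reply, sketched as an added example that is not part of the original thread or of any distribution's init script: a POSIX shell function that removes zero-byte host key files, meant to run before the existing first-boot key generation. The function name `purge_empty_hostkeys` and the `--run` switch are hypothetical; the default directory `/etc/ssh` is the one named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): clear zero-byte SSH host keys so the
# existing first-boot step (init script or dpkg-reconfigure) regenerates them.
# purge_empty_hostkeys and --run are hypothetical names.

# purge_empty_hostkeys [DIR]
# If either half of a host key pair (private key or .pub) is an empty file,
# remove both halves; an intact pair is left alone. Prints the number of
# files removed.
purge_empty_hostkeys() {
    dir=${1:-/etc/ssh}
    removed=0
    for f in "$dir"/ssh_host_*_key "$dir"/ssh_host_*_key.pub; do
        # Skip an unmatched glob or a file removed with its partner.
        if [ ! -f "$f" ]; then continue; fi
        # -s is true only for a file with size > 0: a usable key half.
        if [ -s "$f" ]; then continue; fi
        key=${f%.pub}                      # private key path of this pair
        for half in "$key" "$key.pub"; do
            if [ -f "$half" ]; then
                rm -f -- "$half"
                removed=$((removed + 1))
            fi
        done
    done
    echo "$removed"
}

# Call with --run from the init script or rc.local, ahead of key generation.
if [ "${1:-}" = "--run" ]; then
    n=$(purge_empty_hostkeys "${2:-/etc/ssh}")
    echo "removed $n empty SSH host key file(s)" >&2
fi
```

Both halves of a damaged pair are removed so that the regenerated public key always matches the private key.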