Re: Empty (zero byte) SSH host keys

On Wed, Jan 6, 2016 at 1:08 PM, Benjamin Drung
<benjamin.drung@xxxxxxxxxxxxxxxx> wrote:
> Hi,
>
> We create virtual machine image templates by doing automated minimal
> installations of different Linux distributions (via
> preseed/kickstarter/autoyast). At the end of the installation, we
> remove the SSH host keys (rm -f /etc/ssh/ssh*_key*). Fresh SSH host
> keys will be generated on the first boot of the image instances. This
> is done by adding a "dpkg-reconfigure openssh-server" call in
> /etc/rc.local (which calls ssh-keygen) on Debian/Ubuntu and by the init
> script of sshd on the other distributions.
>
> This leads to a working SSH server running on the virtual machines most
> of the time, but sometimes the SSH connection fails with "connection
> reset by peer". The investigation of Debian 7 "wheezy" images showed
> that these faulty machines have empty (zero byte) SSH host key files.
> These files do not exist before the machines are started, but they do
> exist before "dpkg-reconfigure openssh-server" is called.
>
> So it seems that some process creates these empty SSH host key files.
> Can you help with further debugging this strange behavior? Does sshd
> create SSH host keys?

It could be a filesystem issue in your image generation process. Are
you doing a "sync" before recording your image? And are you using one
of the more fragile, "optimized" filesystems like ReiserFS, which is
infamous for zeroing files?

Until you discover the issue, you *could* edit the OpenSSH init
script, or /etc/sysconfig/sshd, to clear the hostkeys if they're empty
and before new keys would be auto-generated.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
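The workaround suggested in the reply above (drop zero-byte host key files before the init script's key generation runs, so ssh-keygen treats them as missing), written out as an added example; it is not code from the thread or from OpenSSH. The directory and the list of key types are parameters so the functions can be exercised against a scratch copy rather than /etc/ssh.

```shell
#!/bin/sh
# Remove zero-byte SSH host key files (private and .pub) from a directory.
# Prints the number of files removed. Intended to run from the sshd init
# script or rc.local before "dpkg-reconfigure openssh-server" / ssh-keygen,
# so that a truncated key is regenerated instead of breaking sshd startup.
remove_empty_host_keys() {
    dir="${1:-/etc/ssh}"
    removed=0
    for key in "$dir"/ssh_host_*_key "$dir"/ssh_host_*_key.pub; do
        # An unmatched glob is passed through literally; skip that case.
        [ -e "$key" ] || continue
        if [ ! -s "$key" ]; then
            # Empty file: sshd cannot load it, and ssh-keygen will not
            # overwrite an existing path, so it has to go.
            rm -f "$key"
            removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# After key generation, confirm each expected type has a non-empty private
# key. Usage: check_host_keys DIR TYPE...   (e.g. check_host_keys /etc/ssh rsa ecdsa)
# Returns 0 when all are present and non-empty, 1 otherwise.
check_host_keys() {
    dir="$1"
    shift
    status=0
    for type in "$@"; do
        key="$dir/ssh_host_${type}_key"
        if [ ! -s "$key" ]; then
            echo "missing or empty host key: $key" >&2
            status=1
        fi
    done
    return $status
}
```

On a Debian/Ubuntu image the call would sit in /etc/rc.local just before the "dpkg-reconfigure openssh-server" line; on other distributions, before the init script's key generation step.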
