On Thursday, 07.01.2016, at 10:09 +1100, Damien Miller wrote:
> On Wed, 6 Jan 2016, Benjamin Drung wrote:
>
> > Hi,
> >
> > We create virtual machine image templates by doing automated minimal
> > installations of different Linux distributions (via
> > preseed/kickstarter/autoyast). At the end of the installation, we
> > remove the SSH host keys (rm -f /etc/ssh/ssh*_key*). Fresh SSH host
> > keys will be generated on the first boot of the image instances. This
> > is done by adding a "dpkg-reconfigure openssh-server" call in
> > /etc/rc.local (which calls ssh-keygen) on Debian/Ubuntu and by the init
> > script of sshd on the other distributions.
> >
> > This leads to a working SSH server running on the virtual machines most
> > of the time, but sometimes the SSH connection fails with "connection
> > reset by peer". The investigation of Debian 7 "wheezy" images showed
> > that these faulty machines have empty (zero byte) SSH host key files.
> > These files do not exist before the machines are started, but they do
> > exist before "dpkg-reconfigure openssh-server" is called.
> >
> > So it seems that some process creates these empty SSH host key files.
> > Can you help to further debug this strange behavior? Does sshd
> > create SSH host keys?
>
> No, sshd only reads and never writes host keys.

Thanks for confirming it.

> It's possible that
> either ssh-keygen is failing during writing the keys out or there
> is some bug in the init script that is calling it.

The strange thing is that the empty files appear before ssh-keygen is
called (via our "dpkg-reconfigure openssh-server" call in
/etc/rc.local). I am not aware of any other ssh-keygen calls besides our
one. Who creates these empty SSH host key files?

I also checked the sysvinit script of ssh on Debian 7 "wheezy". It only
checks/creates /var/run/sshd before calling sshd. There is no host key
handling in the init script of ssh.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.drung@xxxxxxxxxxxxxxxx
URL: http://www.profitbricks.com

Registered office: Berlin.
Court of registration: Amtsgericht Charlottenburg, HRB 125506B.
Managing directors: Andreas Gauger, Achim Weiss.
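
An added example, not part of the original message and not code from OpenSSH or Debian: a first-boot guard for the empty host key state described above, meant to run from /etc/rc.local before the "dpkg-reconfigure openssh-server" call. The function names are hypothetical; the file pattern is the ssh*_key* glob from the message, and the directory is assumed to default to /etc/ssh.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Detects zero-byte SSH host key
# files and clears them so the regeneration step starts from a clean state.

# Print every zero-byte file matching ssh*_key* under $1, one per line.
find_empty_host_keys() {
    dir=${1:-/etc/ssh}   # assumption: default host key directory
    for f in "$dir"/ssh*_key*; do
        # -f skips an unmatched glob; ! -s means the file has size zero
        if [ -f "$f" ] && [ ! -s "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Log each empty key file (its mtime and owner help narrow down what created
# it), then remove the whole key pair, since a private key without a valid
# public half (or the reverse) is unusable.
# Returns 0 if no empty file was found, 1 if anything was purged.
purge_empty_host_keys() {
    dir=${1:-/etc/ssh}
    empty=$(find_empty_host_keys "$dir")
    [ -z "$empty" ] && return 0
    printf '%s\n' "$empty" | while IFS= read -r f; do
        [ -e "$f" ] || continue      # already removed with its partner
        ls -l "$f" >&2               # evidence for the boot log
        base=${f%.pub}
        rm -f -- "$base" "$base.pub"
    done
    return 1
}

# Intended use in /etc/rc.local, before the key regeneration call:
#   purge_empty_host_keys /etc/ssh || echo "empty SSH host keys purged" >&2
```

A non-zero return on first boot is itself worth alerting on, because it means something wrote to the host key paths before the intended ssh-keygen run.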