> On 24. 2. 2023, at 13:25, Keine Eile <keine-eile@xxxxxxxxx> wrote:
>
> On 24.02.23 at 13:11, Jan Schermer wrote:
>> One solution I used was simply scripting the deletion of the host key after cloning it.
>> Another solution is to delete them in the golden image you create (which could be a different scenario from cloning whatever machine you need)
>
> The golden image can not have a hard wired magic which generates new host keys, as it is maintained from time to time using ssh.

Right, that is what I did - stuff like apt update/upgrade or yum upgrade, pushing new versions of other stuff and then right before shutdown and turning it back into golden image I deleted the hostkeys, dhcp leases, logs and other state files.

>
>> Both approaches worked well enough except when they didn’t.
>
> I think, I have seen this, too.
>
>> It would be great to be able to specify path to hostkey including some sort of $hostname variable, so it would be regenerated if hostname changes, but that is probably better solved in a startup script. Maybe modifying it to create a symlink from the hostkey to a filename including hostname? I wonder how fragile that would be and if something like that already exists. Not sure if MAC or hostname are the right distinguishing parameters, though, maybe something like dmidecode UUID?
>
> The MAC is my weapon of choice, because no matter what virtualization you have, this will (in a sense, it has to) change. Changing the hostname comes with the Ansible stuff, but this is already too late.
>

Hmm, I usually get hostnames from DHCP/cloud-init etc. This is where this magic should happen in theory. I guess looking for cloud-init hooks could turn up something that already exists?

>> Jan
>
> Thanks Jan.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
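
The startup-script idea discussed above (regenerate the host keys when the DMI UUID or MAC changes), as an added example that is not part of the original thread or of OpenSSH. Assumptions: Linux sysfs paths, a hypothetical stamp file name, ed25519 and RSA as the key types, and that it runs as root before sshd starts.

```sh
#!/bin/sh
# Added example: regenerate SSH host keys when a clone boots with a different
# machine identity. The STAMP file name is an assumption, not an OpenSSH default.
KEYDIR="${KEYDIR:-/etc/ssh}"
STAMP="${STAMP:-$KEYDIR/.hostkey-machine-id}"
UUID_FILE="${UUID_FILE:-/sys/class/dmi/id/product_uuid}"   # DMI system UUID
NET_DIR="${NET_DIR:-/sys/class/net}"

# Print "uuid:<dmi uuid>", or "mac:<lowest non-zero MAC>" if no UUID is readable.
machine_identity() {
    id=""
    if [ -r "$UUID_FILE" ]; then
        id=$(tr '[:upper:]' '[:lower:]' < "$UUID_FILE" | tr -d '[:space:]')
    fi
    if [ -n "$id" ]; then printf 'uuid:%s\n' "$id"; return 0; fi
    mac=$(cat "$NET_DIR"/*/address 2>/dev/null | grep -v '^00:00:00:00:00:00$' | sort | head -n 1)
    if [ -n "$mac" ]; then printf 'mac:%s\n' "$mac"; return 0; fi
    return 1
}

# Delete the inherited host keys and create fresh ones without a passphrase.
generate_host_keys() {
    rm -f "$KEYDIR"/ssh_host_*_key "$KEYDIR"/ssh_host_*_key.pub
    ssh-keygen -q -t ed25519 -N '' -f "$KEYDIR/ssh_host_ed25519_key" &&
        ssh-keygen -q -t rsa -b 3072 -N '' -f "$KEYDIR/ssh_host_rsa_key"
}

# Compare the current identity with the one recorded when the keys were made.
ensure_host_keys() {
    if ! current=$(machine_identity); then
        echo "no machine identity available; leaving host keys alone" >&2
        return 2
    fi
    previous=$(cat "$STAMP" 2>/dev/null || true)
    if [ "$current" = "$previous" ] && ls "$KEYDIR"/ssh_host_*_key >/dev/null 2>&1; then
        echo unchanged; return 0
    fi
    generate_host_keys || return 1
    # Record the identity only after key generation succeeded.
    printf '%s\n' "$current" > "$STAMP"
    echo regenerated
}

# Intended to be called from a boot unit ordered before sshd, e.g. "script --boot".
if [ "${1:-}" = "--boot" ]; then ensure_host_keys; fi
```

The stamp file travels with the golden image, so the image can keep its own keys for maintenance over ssh while any clone with a new UUID or MAC gets fresh keys on first boot.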