On Dec 1, 2016, at 2:00 PM, Marion, Mike <mmarion@qualcomm.com> wrote:
On Thu, Dec 01, 2016 at 12:07:07PM +0100, m.frerichs wrote:
It seems that ssh-keys in /etc/ssh are preserved from the old existing system, even if I recreate and reformat the disk. Is it true that such a feature exists and why? Are there other configurations which are preserved?
Wow.. this should be configurable, but I've wanted something like this for years. We tend to re-image our hosts for upgrades or other reasons more than most likely do (we're using SLE though) and I had coded some stuff to do this years ago using a pre-install, ramdisk and then find/copy over during pre, find/copy back during chroot.

I agree that it is a useful feature, and I find it quite handy to keep the same ssh keys after reinstalling (especially when testing AutoYaST profiles), although it could be unexpected, especially if you were repurposing hardware.

It is configurable via AutoYaST:
https://doc.opensuse.org/projects/autoyast/#CreateProfile.SSHKeysAndConfig

If not configured, it defaults to copying the host keys.

Looking at a y2log from a recently-installed VM, it seems that this setting screen could be shown by the installer, but is hidden by default:

  2016-12-05 16:39:02 <1> install(3162) [Ruby] modules/ProductControl.rb:1025 Proposal modules: [$["name":"bootloader", "presentation_order":"20"], $["name":"hwinfo", "presentation_order":"80"], $["name":"software", "presentation_order":"30"], $["name":"default_target", "presentation_order":"70"], $["name":"firewall_stage1", "presentation_order":"95"], $["name":"ssh_import", "presentation_order":"97"], $["name":"clone", "presentation_order":"99"]]
  2016-12-05 16:39:02 <1> install(3162) [Ruby] modules/ProductControl.rb:1083 Proposal module ssh_import found among disabled subproposals

Maybe a verbose install would show it? (I’d have to RTFM myself there…probably a bootloader cmdline option?)

Not sure when this setting first appeared — it’s also in the SLE 12 autoyast docs, but not the SLE 11 ones. The copy-keys feature has been around for a long time, at least since the 10.x days.

-Andrew
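
Added example, not part of the original thread and not YaST code: a small y2log audit that lists the proposal modules and flags the case described above, where ssh_import takes part in the proposal but its screen is hidden from the operator. The function names and the shortened sample log are constructed for illustration; the line format is the one quoted in the message.

```python
import re

# Constructed sample: the two y2log lines quoted in the message above,
# with the proposal list shortened to three entries.
SAMPLE_Y2LOG = '''\
2016-12-05 16:39:02 <1> install(3162) [Ruby] modules/ProductControl.rb:1025 Proposal modules: [$["name":"bootloader", "presentation_order":"20"], $["name":"ssh_import", "presentation_order":"97"], $["name":"clone", "presentation_order":"99"]]
2016-12-05 16:39:02 <1> install(3162) [Ruby] modules/ProductControl.rb:1083 Proposal module ssh_import found among disabled subproposals
'''

ENTRY_RE = re.compile(r'\$\["name":"([^"]+)",\s*"presentation_order":"(\d+)"\]')
DISABLED_RE = re.compile(r'Proposal module (\S+) found among disabled subproposals')


def audit_proposals(log_text):
    """Return {module: {"order": int or None, "hidden": bool}} for every
    proposal module named in the log. "hidden" means the installer logged
    the module as a disabled subproposal."""
    modules = {}
    for line in log_text.splitlines():
        if "Proposal modules:" in line:
            for name, order in ENTRY_RE.findall(line):
                entry = modules.setdefault(name, {"order": None, "hidden": False})
                entry["order"] = int(order)
        match = DISABLED_RE.search(line)
        if match:
            entry = modules.setdefault(match.group(1), {"order": None, "hidden": False})
            entry["hidden"] = True
    return modules


def ssh_import_was_hidden(log_text):
    """True when ssh_import is in the proposal list and was logged as hidden,
    so the operator never saw the setting during installation."""
    entry = audit_proposals(log_text).get("ssh_import")
    return bool(entry and entry["order"] is not None and entry["hidden"])


if __name__ == "__main__":
    found = audit_proposals(SAMPLE_Y2LOG)
    for name, info in sorted(found.items(), key=lambda kv: kv[1]["order"] or 0):
        state = "hidden" if info["hidden"] else "shown"
        print(f'{info["order"]!s:>4}  {name:<12} {state}')
    if ssh_import_was_hidden(SAMPLE_Y2LOG):
        print("ssh_import was hidden: compare host keys if the hardware was repurposed")
```

On an installed system the same functions can be pointed at the text of the real y2log instead of the sample string.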