[opensuse-autoinstall] Post, network required script
Hello all,

I have a perl script that is being run as "post" with network required. This script is meant to download ssh host keys via nfs and replace the ones in /etc/ssh. Can someone confirm that this script will be run *after* sshd has generated its own keys and it won't be overwriting the ones I just copied? If not, how could I solve this?

Regards,
--
Alan Mosca
EMEA Systems Engineer
Cluster Resources, Ltd.
Direct - UK Office: +44 (0)1223 437 132
US Headquarters: +1 801 717 3700
Skype: nitbix
www.clusterresources.co.uk
--
To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org

On Fri, May 04, 2007 at 10:15:45PM +0100, Alan Mosca wrote:
> I have a perl script that is being run as "post" with network required. This script is meant to download ssh host keys via nfs and replace the ones in /etc/ssh. Can someone confirm that this script will be run *after* sshd has generated its own keys and it won't be overwriting the ones I just copied? If not, how could I solve this?

It shouldn't matter.. sshd only runs keygen if the files aren't there.

Sample from /etc/init.d/sshd:

    if ! test -f /etc/ssh/ssh_host_key ; then
        echo Generating /etc/ssh/ssh_host_key.
        ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
    fi

So if you drop your keys into place before it runs, it'll see them and not run ssh-keygen anyway.

--
Mike Marion-Unix SysAdmin/Staff IT Engineer-http://www.qualcomm.com
"I've never used their tech support, but the word is that it sucks."
I believe it's composed entirely of monkeys that couldn't get the Shakespeare gig. :-)
==> /. users talking about @home tech support

On 2007.05.05. 00:06, Mike Marion wrote:
> On Fri, May 04, 2007 at 10:15:45PM +0100, Alan Mosca wrote:
> > I have a perl script that is being run as "post" with network required. This script is meant to download ssh host keys via nfs and replace the ones in /etc/ssh. Can someone confirm that this script will be run *after* sshd has generated its own keys and it won't be overwriting the ones I just copied? If not, how could I solve this?
>
> It shouldn't matter.. sshd only runs keygen if the files aren't there.

...but it is very much possible that it will start generating keys, then they will be partially overwritten by the script, then keygen will overwrite one of them, then it will fail, as there already will be some other files...

which is exactly what happened to me with two servers, having quite different CPU speeds.

In the end, I created a simple check, which was overwriting the keys only after all of them were already pregenerated.

It's possible to drop them before sshd gets a chance to start, but if that's a post script, waiting until sshd generates new keys and then replacing them seemed the safest solution to me.

> Sample from /etc/init.d/sshd:
>
>     if ! test -f /etc/ssh/ssh_host_key ; then
>         echo Generating /etc/ssh/ssh_host_key.
>         ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
>     fi
>
> So if you drop your keys into place before it runs, it'll see them and not run ssh-keygen anyway.

--
Rich

On Tue, May 08, 2007 at 04:53:12PM +0300, Rich wrote:
> ...but it is very much possible that it will start generating keys, then they will be partially overwritten by the script, then keygen will overwrite one of them, then it will fail, as there already will be some other files...
>
> which is exactly what happened to me with two servers, having quite different CPU speeds.

I don't see how that's possible. Every autoyast install I've done on first reboot goes into yast, runs some configuration bits (networking, ntp, etc), then runs post-install scripts. Then it runs the SuSEConfig bits.. then yast exits and it continues to boot into either runlevel 3 or 5, during which the sshd init script is called and keys would then be generated or not. Long after the post-script is done.

--
Mike Marion-Unix SysAdmin/Staff IT Engineer-http://www.qualcomm.com
Vir: "Londo, are you deliberately trying to drive me insane?"
Londo: "The Universe is already mad. Anything else would be redundant."
==> Babylon 5
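
An added example, not part of any message in this thread: one way for a post script to avoid ever leaving a half-copied key set in /etc/ssh is to validate the whole set first, stage it in a private directory on the same filesystem, and rename each file into place, so that the init script's `test -f` check sees either no file or a complete one. The function name install_host_keys, its two directory arguments and the mount path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): all-or-nothing host key install.
# install_host_keys is a hypothetical helper; SRC is the directory holding
# the saved keys (e.g. an NFS mount), DST is /etc/ssh on a real host.

install_host_keys() {
    src=$1
    dst=$2

    # Pass 1: validate the complete set before touching DST.
    # The glob matches private keys only (ssh_host_key, ssh_host_rsa_key, ...).
    set -- "$src"/ssh_host_*key
    [ -f "$1" ] || { echo "no host keys found in $src" >&2; return 1; }
    for priv in "$@"; do
        [ -s "$priv" ] && [ -s "$priv.pub" ] || {
            echo "missing or empty key pair: $priv" >&2
            return 1
        }
    done

    # Pass 2: stage inside DST so the later rename stays on one filesystem.
    # mktemp -d creates the directory mode 0700, so the private keys are
    # never readable by other users while they are being copied.
    stage=$(mktemp -d "$dst/.hostkeys.XXXXXX") || return 1
    for priv in "$@"; do
        cp "$priv" "$priv.pub" "$stage/" || { rm -rf "$stage"; return 1; }
    done
    chmod 600 "$stage"/ssh_host_*key
    chmod 644 "$stage"/ssh_host_*key.pub

    # Pass 3: mv within one filesystem is a rename, which replaces each
    # target in a single step; no reader ever sees a truncated key file.
    for f in "$stage"/ssh_host_*; do
        mv -f "$f" "$dst/${f##*/}" || { rm -rf "$stage"; return 1; }
    done
    rmdir "$stage"
}

# Usage (paths are assumptions): install_host_keys /mnt/hostkeys /etc/ssh
```

If sshd is already running when the keys are replaced, it has to be restarted before it presents the new host keys.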