On 2007.05.05. 00:06, Mike Marion wrote:
On Fri, May 04, 2007 at 10:15:45PM +0100, Alan Mosca wrote:
I have a Perl script that is being run as "post" with network required. This script is meant to download ssh host keys via NFS and replace the ones in /etc/ssh. Can someone confirm that this script will be run *after* sshd has generated its own keys and it won't be overwriting the ones I just copied? If not, how could I solve this?
It shouldn't matter.. sshd only runs keygen if the files aren't there.
...but it is very much possible that it will start generating keys, then they will be partially overwritten by the script, then keygen will overwrite one of them, then it will fail, as there already will be some other files... which is exactly what happened to me with two servers, having quite different CPU speeds. In the end, I created a simple check, which was overwriting the keys only after all of them were already pregenerated. It's possible to drop them before sshd gets a chance to start, but if that's a post script, waiting until sshd generates new keys and then replacing them seemed the safest solution to me.
Sample from /etc/init.d/sshd:

    if ! test -f /etc/ssh/ssh_host_key ; then
        echo Generating /etc/ssh/ssh_host_key.
        ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
    fi

So if you drop your keys into place before it runs, it'll see them and not run ssh-keygen anyway.

--
Rich
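
The check Rich describes (replace the host keys only once the sshd init script has generated all of its own), written out as an added example that is not code from the thread. The key file names other than ssh_host_key, the staging directory and the timeout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the key names in KEYS,
# the staging directory passed as $1, and the 120 s default timeout.
KEYS="${KEYS:-ssh_host_key ssh_host_rsa_key ssh_host_dsa_key}"

# True once every private key and its .pub exists and is non-empty in $1.
all_keys_present() {
    for k in $KEYS; do
        [ -s "$1/$k" ] && [ -s "$1/$k.pub" ] || return 1
    done
}

# Poll directory $1 once a second; give up after $2 seconds.
wait_for_keys() {
    waited=0
    until all_keys_present "$1"; do
        [ "$waited" -ge "$2" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Runs in a subshell so umask and exit stay local. Each file is copied to a
# temporary name beside its target, then renamed over it (atomic rename).
install_keys() (
    src=$1; dst=$2
    umask 077
    all_keys_present "$src" || exit 2          # refuse a partial key set
    for k in $KEYS; do
        for f in "$k" "$k.pub"; do
            case $f in *.pub) mode=644 ;; *) mode=600 ;; esac
            tmp="$dst/.$f.new.$$"
            cp "$src/$f" "$tmp" && chmod "$mode" "$tmp" &&
                mv -f "$tmp" "$dst/$f" || { rm -f "$tmp"; exit 3; }
        done
    done
)

# $1 = staged keys, $2 = sshd key directory, $3 = timeout in seconds.
# Returns 1 if sshd's own keys never all appeared, 2/3 on install errors.
replace_host_keys() {
    wait_for_keys "$2" "${3:-120}" || return 1
    install_keys "$1" "$2"
}

# Example call (hypothetical staging path):
#   replace_host_keys /mnt/hostkeys /etc/ssh && /etc/init.d/sshd restart
```

sshd loads its host keys when it starts, so the running daemon has to be restarted after the replacement before clients see the copied keys.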