Subject: Re: [PATCH v2] sshd-regen-keys: Improve service, make more robust
From: Jan Kiszka
To: Anton Mikanovich, Henning Schild, isar-users
Cc: Harald Seiler
Date: Thu, 8 Apr 2021 10:50:58 +0200

On 08.04.21 10:24, Anton Mikanovich wrote:
> 30.03.2021 13:17, Henning Schild wrote:
>> Switch to using "/usr/bin/ssh-keygen -A" instead of dpkg-reconfigure.
>> With this we would generate new host keys every time the service starts
>> and no keys exist. Removing the keys from openssh-server in a postinst
>> makes it complete so that we really only generate on the first boot.
>>
>> This is easier to handle than reusing the debian package hooks for key
>> generation.
>>
>> Signed-off-by: Henning Schild
>
> Looks good, waiting for Jan to approve.
>

Just checked this with my problematic setup, and the patch works as it should.

Jan

-- 
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux