From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6943578040844681216 X-Received: by 2002:a05:6512:3af:: with SMTP id v15mr1894185lfp.129.1617870255182; Thu, 08 Apr 2021 01:24:15 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6512:3d16:: with SMTP id d22ls4224848lfv.1.gmail; Thu, 08 Apr 2021 01:24:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwo0QZOoZP79WLQCivvDozKkvUqwALZ1dc33rjI1B9CYhOmjlKHD8KALOHO6Pry3ab/LoS4 X-Received: by 2002:a19:6557:: with SMTP id c23mr5540426lfj.422.1617870254216; Thu, 08 Apr 2021 01:24:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617870254; cv=none; d=google.com; s=arc-20160816; b=ObJBTIUWRGL6CMxfggtOeV4AEoJiPNvMeLNGvDPMb2pO2l3kxLcc5RsHykmQ3DywOq nQL68LqzMCS4tvW0DrQFXN3JMenRdhGGq/Djm3OPnXPB49wv06FjAZ8uGKuW8lhnmPjp h/5jZDP/qst9vjASj5+UmdICStnrQXKzHkQ+LnPZupNBZYLAe7M0zwcA14omcTGfml4g udB0Ckgx8PRraDrGI1uftKC+w9onSFx2HYvt9vinwKBZ3VKiftCjIIB3LyQtl0CZAZEW cM4RqMn4IYb/xknZnSVok7NaC4h7cgXnDs1cjGnnXdu0Pc29qraIR1HmU0wIziO1e3rY 8XVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-language:content-transfer-encoding:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject; bh=xc1tta5CKdCfbf5eAdxTHjKJ4D4BBdnxWtMsfoWIa/A=; b=E4gB/h/oSN1zb+TJo0qKHQ8eATb6q43cmINuxPxhw5XPLpJuUIt3F2qq2XgKqwqtdA CSIibfb0yoXuxuzJhQkkYaW9uB3MOs2IoXNqFBO5QN0sTaPgEZZ0Y6mtOpIfodVdUgHA AHbRgyklf0eNwvNbApOwkmwy9LiMVGoizspXBE6I1vidA0mhgszPpBluASiZ8gwSAzNV Y0HUVWqUtAbtCsaKV2V4CAgqgylvP3I+3EXp1ubm9zX5RtkWA01uQXVxrOXl/vRyx8Br lOjKCPkjs8JSd06w3OAT3YhohZt+Ia5TPF9Sye5rEPcO2b3f5xOTU7hPQiVTjAAuPTBK tDHw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id y128si785921lfc.9.2021.04.08.01.24.14 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 08 Apr 2021 01:24:14 -0700 (PDT) Received-SPF: pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of amikan@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=amikan@ilbers.de Received: from [192.168.67.164] (mm-189-44-214-37.mgts.dynamic.pppoe.byfly.by [37.214.44.189] (may be forged)) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPSA id 1388OBa9000886 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 8 Apr 2021 10:24:11 +0200 Subject: Re: [PATCH v2] sshd-regen-keys: Improve service, make more robust To: Henning Schild , isar-users Cc: Jan Kiszka , Harald Seiler References: <20210330101722.10371-1-henning.schild@siemens.com> From: Anton Mikanovich Message-ID: <84e75900-186d-28de-3d35-d00848aea570@ilbers.de> Date: Thu, 8 Apr 2021 11:24:05 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: <20210330101722.10371-1-henning.schild@siemens.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 4FBdwXup+lST 30.03.2021 13:17, Henning Schild wrote: > Switch to using "/usr/bin/ssh-keygen -A" instead of dpkg-reconfigure. > With this we would generate new host keys every time the service starts > and no keys exist. Removing the keys from openssh-server in a postinst > makes it complete so that we really only generate on the first boot. > > This is easier to handle that reusing the debian package hooks for key > generation. > > Signed-off-by: Henning Schild Looks good, waiting for Jan to approve. -- Anton Mikanovich Promwad Ltd. External service provider of ilbers GmbH Maria-Merian-Str. 8 85521 Ottobrunn, Germany +49 (89) 122 67 24-0 Commercial register Munich, HRB 214197 General Manager: Baurzhan Ismagulov