From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6943578040844681216 X-Received: by 2002:a05:6402:3101:: with SMTP id dc1mr9400180edb.318.1619612500105; Wed, 28 Apr 2021 05:21:40 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:6402:4c2:: with SMTP id n2ls958539edw.2.gmail; Wed, 28 Apr 2021 05:21:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy6g+AqeGc3TQGEyBfjqm2KknejhNnFXRnGBL9VwMFF77REZoDoG5uQhXjTNj+eUL72Al5i X-Received: by 2002:aa7:dbd3:: with SMTP id v19mr10764525edt.314.1619612499317; Wed, 28 Apr 2021 05:21:39 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1619612499; cv=pass; d=google.com; s=arc-20160816; b=sEpzQlsHVamY71Q9YVAVk7AksG3zzmnzna838sGvA5KXuztib2TuCfb+Is1UAUEm+K 3VnKbORXcYCG/btv43yUU6Tr3zohSu90Ox7fS37dxBhLTBn33r81cvwnWE50UlmaD8WE Vf9Skll4EqjtFSDabNAQkkybJ/e0NlrcqNlBer2R9Fhv7adgn6fXt+unTIh0K2BLdNO9 OaGce9Z5IsUnvyDTqiPgv5o7n9vBQaoYZ3Q5UfPh5xAHAXZFowgscyjACdEjistbSUXU gLj13PyBlQ6hfl/PXu00LUbONECotfKxZB3NWr7d3V1vJKysiRyTg0A6XpZPQtklqBtB FNjw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:document_confidentiality :msip_labels:content-language:accept-language:in-reply-to:references :message-id:date:content-class:thread-index:thread-topic:subject:cc :to:from:dkim-signature; bh=uLoQ9KcYinbP+/+wktyofCCKdcfYG3dC6KFEbP23Msk=; b=Son2891yE/Lb1PZmWE1siny2gJRGoSOnVMwNJtjZDV2Fl2VfqiyJwj4FsJuu/DGLFH M9kATecegtCmUiR6YlIPTyfBvVBrNjdQ28Dyq+Ls2hsO0tyklY9QGecocJlRT0xnTEvR T9IEoAob5xkjaY43+xUF40ftPDY2LXnuWqMLJHTa5KQ9FK9rKcXSXq3A2TUHSUjvWrFe kTlwePfL6ZrOrCg9SEMFQZQYQCGbQAfDIowyiiikZ8Ym74m+Z3PIPhXWx3BZEhbOpLV6 2FzI5BAZ/DY0M+lcW6thMpc7oXgMVT0C+YgWHZ8LaHnh/CMxaAJm3yoxskKZ79bZOUHj aFDw== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.onmicrosoft.com header.s=selector1-siemens-onmicrosoft-com header.b=Y8r5nysR; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 40.107.15.71 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150071.outbound.protection.outlook.com. [40.107.15.71]) by gmr-mx.google.com with ESMTPS id g7si639488edm.3.2021.04.28.05.21.39 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 28 Apr 2021 05:21:39 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 40.107.15.71 as permitted sender) client-ip=40.107.15.71; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.onmicrosoft.com header.s=selector1-siemens-onmicrosoft-com header.b=Y8r5nysR; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 40.107.15.71 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Yc5G9CVdVT3ip5R5iw+AqqaRI7PT+ni4qtm+gwQpM+RJ8gFrLsYoXiNCRkmy0l/HC6Z3/GyMcTz+RWKNCQInKLC8hiqNlLZ5Dnig+P1g9s+Y0paHIKLn9mxFM4KDDax5DFSbNjrsfuIWMgIm0KOCdtE825iQHICTPtnYaEF/k3ZO0NvIStUrCCei3o2Y8tocY0UULtYIRzM5oMTpPF8Luhvr18H4gcX+D0IQT8w6F64JtziB5cSueBeiXrADY+wf9Zm4MjOzIa++IePucP7DgG+vCM4yIPeQZ2fX577nlwmeqOpUGyavlOaQLQbyIPd4gpahIqG/NJaNvKk8U+TLhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uLoQ9KcYinbP+/+wktyofCCKdcfYG3dC6KFEbP23Msk=; b=m0spImvYf589SsQOls++LoJY2P+E9+R1ODbFECE5uUBP2TvAoXyFM+K5ire0k/T5G0foaO9Y1AlghEVXEA7tgUKnZNLdjn3TFbFxxgk5BGMwt1riyXqk2Q936v8QsZ++ePpT6svzVR1fyxz1blEJ8n9q5FWpSMNd79KugAvznBN6lM9idp8h2MGBQgC+01MY6PRvUp6dE70jNw+NTfRn76ChcS5zx9zQ30sfmcYAWdqDMMPrYzA7eoJN+MegnNcpK9Q8M5sXwiT61WH44mKiQQwX83UWpBTyV+ItMcNPZAvTzZgIzv2mdDsuUTPP7Mem0Tkm28TZyGMjvB4rw+BHqQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.onmicrosoft.com; s=selector1-siemens-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uLoQ9KcYinbP+/+wktyofCCKdcfYG3dC6KFEbP23Msk=; b=Y8r5nysR+GXtbnDAUbhVIJtOROoXOEAiVIL9P3LCArmHFvmeDTBeKPYk1Buv08RXYDLWXricMkUaW2jDoy7ziinbPwIjbEWI1MYc/YAAgwosfeZStywEN5Xzd+qChsd1lw4/xrZNvNukekymTDmBNG4FtzvfwqFuDdOry+RwJwk= Received: from AM0PR10MB1939.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:44::22) by AM0PR10MB3332.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:208:17d::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.21; Wed, 28 Apr 2021 12:21:38 +0000 Received: from AM0PR10MB1939.EURPRD10.PROD.OUTLOOK.COM ([fe80::4969:6177:f82c:151d]) by AM0PR10MB1939.EURPRD10.PROD.OUTLOOK.COM ([fe80::4969:6177:f82c:151d%4]) with mapi id 15.20.4065.027; Wed, 28 Apr 2021 12:21:38 +0000 From: "Moessbauer, Felix" To: "henning.schild@siemens.com" , isar-users CC: "jan.kiszka@siemens.com" , Harald Seiler Subject: RE: [PATCH v2] sshd-regen-keys: Improve service, make more robust Thread-Topic: [PATCH v2] sshd-regen-keys: Improve service, make more robust Thread-Index: AQHXJU3nl7qbYkk8PUyzYctiAxH/R6rKAciQ Content-Class: Date: Wed, 28 Apr 2021 12:21:38 +0000 Message-ID: References: <20210330101722.10371-1-henning.schild@siemens.com> In-Reply-To: <20210330101722.10371-1-henning.schild@siemens.com> Accept-Language: en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Enabled=true; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SetDate=2021-04-28T12:21:31Z; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Method=Standard; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_Name=restricted-default; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ActionId=bce7b5f0-891a-49c4-95cc-64b68207bf22; MSIP_Label_a59b6cd5-d141-4a33-8bf1-0ca04484304f_ContentBits=0 document_confidentiality: Restricted authentication-results: siemens.com; dkim=none (message not signed) header.d=none;siemens.com; dmarc=none action=none header.from=siemens.com; x-originating-ip: [147.161.171.4] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0fd696e4-4872-4b49-d680-08d90a402c21 x-ms-traffictypediagnostic: AM0PR10MB3332: x-ld-processed: 38ae3bcd-9579-4fd4-adda-b42e1495d55a,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: lQ+Hl97piQ/gI3opsWZXscd0GSQSLY6ioEsOReC9X4QS9AiNbwW4WyP9HziIOWBRPGWE459yclk4QyBp2ZpuE9Cr769hhlx2zOLLPYeNAVhxDNsj3vKSA20+CBqozGJp0Ky62RmpTNX0oc3sVI6scxUOJ7okhg6598njzZwRLAfAMnw3Xz8FKRqP35BZyghWf62ytCx9kzpHq1R31F1eTBFO0HHF+3k29juIaZTaFhlPEspsGe8iSSEVqqnXT9nX3Jh6vpEeqxqLUxtw+i2WH9qGQg/kMJiITAhnA1l48WFMZBFzeeGY32EN426A04IpdhpCvmXftFSRrnkhEJ1W8DsdhfynXkPxxb/WoAFkBVajmukNBcC67Y5fcVS2qe46KHiBxVgUD0ZYtPjgds0iG8Gr1YeawrzdtLZd7hz6A7GC5Vy95lR5D0kLWNG+jsCsW0kgYevWS8G4KtXBX41AcEAe7rHjURzPRgVCZcTiHEovnQ9IhgQIQ8nT+J1Gpj0HlgO3hxx929L8Lxs7cxp5544TsiH5yd50m148QKwv1p+f+S6nM9guSEpfMuBSenqm5eJHAqR/ar1fX9p2o++TsB1TGZVaZ4OcHCmpEJ5AklqIQ66vmdE+aeWJUGjYoaEtWU/Z7BNJUi/k2/YgRaajc3IA/DbXEzZyuRfJP0bm/NTwmamQJwmZIAJ3tY+F4ha7 x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM0PR10MB1939.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(4636009)(39860400002)(366004)(396003)(136003)(376002)(346002)(45080400002)(966005)(33656002)(71200400001)(8676002)(66556008)(54906003)(4326008)(52536014)(5660300002)(6506007)(66476007)(66946007)(8936002)(53546011)(66446008)(76116006)(7696005)(186003)(26005)(83380400001)(55016002)(9686003)(2906002)(64756008)(110136005)(38100700002)(86362001)(122000001)(316002)(478600001);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?kDQcVu7iDx0Fxv83IGqFAwlnmd5/dX4/fFeJaOjotUObqZP2cFcjLW4JcOX5?= =?us-ascii?Q?qgqQcoOubqfJ0yza+mk83Qgat+pxcgfiGSIItOChBcpLQoz+HSn62WdAy7Ke?= =?us-ascii?Q?VajPP609fNeK0CV0KsPOiQ63OtSRAHh5dxDFZdOeNYEq5kmeBwDJ8M4IFNlC?= =?us-ascii?Q?au6TuWrX8ftJa4+JvbsEfJ3rFGwDKOpQGj3mqXop9pm7Q14HibzO9eFPcVO8?= =?us-ascii?Q?4YEG1rsv0iJPWdYEEgfqnBtdLv2qvGCtZSK/dklXZ3ViDhGgIMBJb07h2AM8?= =?us-ascii?Q?NF2qmeOYDanjl/d+AyHquMPyXL++enTmNEJUkb7Vegd+7WUYPOb8ZLwDi6lG?= =?us-ascii?Q?px5kqo4xsU1/Fi0H2W0lmm7XI+VFslVPFiZHr/hs5fZvaqYe2/Y0IK0bx22f?= =?us-ascii?Q?7TSam03j0hkmECmyBvntf385eKZJ4hwdNYciZucCWrZFxdLxKWr2sPDmNMLy?= =?us-ascii?Q?PMkagGxJZJPfrccsWiaU+Jzgpz9IpKK+eCkczdnN0pDf/w9vi9Tuq3Y9kphY?= =?us-ascii?Q?Szj0fvhvgjlg9SseMxeDhTP6+eInS/drvruGwn3V7E0saVKY/impSEe5y4a6?= =?us-ascii?Q?JtZCXgihUSphmGU49txkhKcF1iKNqYPFRGIAirf7MF4j1sGcqdZBVymmG3UX?= =?us-ascii?Q?tn28uEQ+a7Sq9i4RpatNaA+XdNNLwueq13CShsCGWYXr4K2C9KnsDNhVhzhU?= =?us-ascii?Q?Q7F1YsBGAHioMZrBdZ8TeCAqdHAKphpbHAb/MkMPFCskyhPMJ8FXw5uj1osF?= =?us-ascii?Q?v31bOfcvOTB+ojp0rYLwk2foEUGzsGUkjIWH9gefPyuN7ZITWSPf52MzLR8a?= =?us-ascii?Q?hfZPTkUBWLZAy18AtsgLgV9X5CcDo8X2J/j+JN8YiJWoT2RdQXjTDmoMCdQH?= =?us-ascii?Q?LS/1CjZ/SnETgoOFaqmA7W3RRpGL8hbUNsodSbiGcUILJYiQyRRNBjlXt7b5?= =?us-ascii?Q?IAk8SqhUVQBxEC9B/zJNHNmftNq7nH1A6f1TXG3Yoayjd0NfVugX7ZwkqYLe?= =?us-ascii?Q?kvxOURNqB3+BsWTyBd/7N1KO3Ka8fadfDOlKaOMEX45BN7Op5BAY7Q1LkkEU?= =?us-ascii?Q?ysBirLFLytYIIICf8R9LINBsxNJIg1uOY02ZzEhG2LtKtJgH+YlEIAMwTxsy?= =?us-ascii?Q?CCDpcaUAtqaGlvF6T81/2HHcWXq6doH/v4/LZeNO3v1G06WCUZmyMEdIml1T?= =?us-ascii?Q?+2zF5VCxrMLne0aVqfEmjvw0Gvg15okuftlo7nWHkcyi5PBZLp2+Jdj1QuFd?= =?us-ascii?Q?3uERGRwJb8iBRFcX6EAWhYGx6zbqxxZMoYudoAJJxknd80SVsbUqtK04NxAL?= =?us-ascii?Q?AYJ5MpB43EVfoPIxnTmbViJm?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB1939.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 0fd696e4-4872-4b49-d680-08d90a402c21 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Apr 2021 12:21:38.3216 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3i/6Y/Vb0epX07jrRvnMi/8SST1qnn5vT7vVPneiKqPmYFKQbFAWQo2NznEk7fb+X6gnKlga4OmX0Udh8gnrDcH1NiK7BvK99Y/w3f8yq4w= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB3332 X-TUID: fl6rJPLCM2bP Hi, While this patch definitely improves the situation, there are still a coupl= e of issues: 1. Reinstalling: When apt-get updating the package, the host's ssh-keys are removed. IMO it would be better to create a backup in the pre-rm step and restore th= at in postinst. An alternative would be, to remove the ssh keys using ISAR in a post-proces= sing step. Then no postinst script is required (that's similar to how the sshd-keygen@= .service in fedora works). 2. Systemd dependencies: It has to run as early as possible and anyways before the sshd-service. On some systems like fedora, there is already a sshd-keygen@.service that t= akes care of re-generating the keys if they are not present (as part of the= openssh-server package). We should conflict on that, or better auto-disable in case this service is = installed. I don't know if Debian plans to add something similar. 3. Compatibility with upstream If more distros accept the sshd-keygen service approach, we do not want to = diverge here. Maybe, it would be better to just port this approach to Debian / ISAR and d= eploy images without pre-installed ssh-keys. Best regards, Felix > -----Original Message----- > From: isar-users@googlegroups.com On > Behalf Of [ext] Henning Schild > Sent: Tuesday, March 30, 2021 12:17 PM > To: isar-users > Cc: Kiszka, Jan (T RDA IOT) ; Harald Seiler > ; Schild, Henning (T RDA IOT SES-DE) > > Subject: [PATCH v2] sshd-regen-keys: Improve service, make more robust >=20 > Switch to using "/usr/bin/ssh-keygen -A" instead of dpkg-reconfigure. > With this we would generate new host keys every time the service starts a= nd no > keys exist. Removing the keys from openssh-server in a postinst makes it > complete so that we really only generate on the first boot. >=20 > This is easier to handle that reusing the debian package hooks for key > generation. >=20 > Signed-off-by: Henning Schild > --- > .../sshd-regen-keys/files/postinst | 2 ++ > .../files/sshd-regen-keys.service | 4 +--- > .../sshd-regen-keys/files/sshd-regen-keys.sh | 20 ------------------- > .../sshd-regen-keys/sshd-regen-keys_0.3.bb | 17 ---------------- > .../sshd-regen-keys/sshd-regen-keys_0.4.bb | 14 +++++++++++++ > 5 files changed, 17 insertions(+), 40 deletions(-) delete mode 100644 > meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > delete mode 100644 meta/recipes-support/sshd-regen-keys/sshd-regen- > keys_0.3.bb > create mode 100644 meta/recipes-support/sshd-regen-keys/sshd-regen- > keys_0.4.bb >=20 > diff --git a/meta/recipes-support/sshd-regen-keys/files/postinst > b/meta/recipes-support/sshd-regen-keys/files/postinst > index ae722a7349a2..1c9b03e3e040 100644 > --- a/meta/recipes-support/sshd-regen-keys/files/postinst > +++ b/meta/recipes-support/sshd-regen-keys/files/postinst > @@ -1,4 +1,6 @@ > #!/bin/sh > set -e >=20 > +rm /etc/ssh/ssh_host_*_key* > + > systemctl enable sshd-regen-keys.service diff --git a/meta/recipes- > support/sshd-regen-keys/files/sshd-regen-keys.service b/meta/recipes- > support/sshd-regen-keys/files/sshd-regen-keys.service > index f50d34c820d8..af98d5e9e966 100644 > --- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > @@ -9,9 +9,7 @@ ConditionPathIsReadWrite=3D/etc [Service] Type=3Donesho= t > RemainAfterExit=3Dyes -Environment=3DDEBIAN_FRONTEND=3Dnoninteractive > -ExecStart=3D/usr/sbin/sshd-regen-keys.sh > -ExecStartPost=3D-/bin/systemctl disable sshd-regen-keys.service > +ExecStart=3D/usr/bin/ssh-keygen -A > StandardOutput=3Dsyslog > StandardError=3Dsyslog >=20 > diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.s= h > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > deleted file mode 100644 > index 910d879ba51f..000000000000 > --- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > +++ /dev/null > @@ -1,20 +0,0 @@ > -#!/usr/bin/env sh > - > -echo -n "SSH server is " > -if systemctl is-enabled ssh; then > - SSHD_ENABLED=3D"true" > - systemctl disable --no-reload ssh > -fi > - > -echo "Removing keys ..." > -rm -v /etc/ssh/ssh_host_*_key* > - > -echo "Regenerating keys ..." > -dpkg-reconfigure openssh-server > - > -if test -n $SSHD_ENABLED; then > - echo "Reenabling ssh server ..." > - systemctl enable --no-reload ssh > -fi > - > -sync > diff --git a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.3.bb > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.3.bb > deleted file mode 100644 > index 6f12414239a3..000000000000 > --- a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.3.bb > +++ /dev/null > @@ -1,17 +0,0 @@ > -# This software is a part of ISAR. > -inherit dpkg-raw > - > -DESCRIPTION =3D "Systemd service to regenerate sshd keys" > -MAINTAINER =3D "isar-users " > -DEBIAN_DEPENDS =3D "openssh-server, systemd" > - > -SRC_URI =3D "file://postinst \ > - file://sshd-regen-keys.service \ > - file://sshd-regen-keys.sh" > - > -do_install[cleandirs] =3D "${D}/lib/systemd/system \ > - ${D}/usr/sbin" > -do_install() { > - install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" > "${D}/lib/systemd/system/sshd-regen-keys.service" > - install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" "${D}/usr/sbin/ssh= d- > regen-keys.sh" > -} > diff --git a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.4.bb > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.4.bb > new file mode 100644 > index 000000000000..9ce1d8d88300 > --- /dev/null > +++ b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.4.bb > @@ -0,0 +1,14 @@ > +# This software is a part of ISAR. > +inherit dpkg-raw > + > +DESCRIPTION =3D "Systemd service to regenerate sshd keys" > +MAINTAINER =3D "isar-users " > +DEBIAN_DEPENDS =3D "openssh-server, systemd" > + > +SRC_URI =3D "file://postinst \ > + file://sshd-regen-keys.service" > + > +do_install() { > + install -d -m 0755 "${D}/lib/systemd/system" > + install -m 0644 "${WORKDIR}/sshd-regen-keys.service" > "${D}/lib/systemd/system/sshd-regen-keys.service" > +} > -- > 2.26.3 >=20 > -- > You received this message because you are subscribed to the Google Groups > "isar-users" group. > To unsubscribe from this group and stop receiving emails from it, send an= email > to isar-users+unsubscribe@googlegroups.com. > To view this discussion on the web visit > https://eur01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgroup= s.g > oogle.com%2Fd%2Fmsgid%2Fisar-users%2F20210330101722.10371-1- > henning.schild%2540siemens.com&data=3D04%7C01%7Cfelix.moessbauer%4 > 0siemens.com%7Ccf1624cf55db4c9c706708d8f36509a3%7C38ae3bcd95794fd4 > addab42e1495d55a%7C1%7C0%7C637526962559188131%7CUnknown%7CTWF > pbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6 > Mn0%3D%7C1000&sdata=3DbM6bgFd1Yq4Vo2tMGrR7GHzRWgSAQMB90vu > %2BHOa2eZ4%3D&reserved=3D0.