4 # Provides: DeleteSSHKeys
5 # RunBefore: UmountImage
7 # Short-Description: Remove ssh keys and in some cases recreate them
# Load the shared helper library. log_error and get_base_distro, used below,
# are not defined in this listing, so they presumably come from common.sh.
# "@commondir@" looks like a build-time substitution placeholder -- confirm.
11 . "@commondir@/common.sh"
# The task works on the image tree under $SNF_IMAGE_TARGET; report an error
# when that directory does not exist.
# NOTE(review): the listing omits the lines that close this `if`.
13 if [ ! -d "$SNF_IMAGE_TARGET" ]; then
14 log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing."
17 target="$SNF_IMAGE_TARGET"
# The host-key paths used further down are Linux ones, so the OS family
# property is checked before anything is touched. The body of this branch is
# not shown in the listing; presumably the task stops here for other OS
# families -- confirm.
19 if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" != "linux" ]; then
# Base distribution of the image. It is compared with "debian" later to
# decide whether a deleted host key has to be regenerated.
25 distro=$(get_base_distro "$SNF_IMAGE_TARGET")
# Default sshd host private-key paths, written relative to the image root.
# They are joined to $target before any file operation, and HostKey values
# read from sshd_config are compared against them so that a key handled by
# the default-key loop is not processed a second time.
# NOTE(review): only four key files are listed (rsa1, rsa, dsa, ecdsa).
# Current OpenSSH also keeps an ed25519 host key at
# /etc/ssh/ssh_host_ed25519_key; it has no entry here, so it is reached only
# when sshd_config names it on an explicit HostKey line.
27 HOST_KEY="/etc/ssh/ssh_host_key"
28 RSA_KEY="/etc/ssh/ssh_host_rsa_key"
29 DSA_KEY="/etc/ssh/ssh_host_dsa_key"
30 ECDSA_KEY="/etc/ssh/ssh_host_ecdsa_key"
# Delete the default host keys from the image so that instances created from
# it do not all present the same host identity. Each loop item is a
# "path@type" pair: the path is one of the default key files and the type is
# the value handed to `ssh-keygen -t` when the key is regenerated.
# NOTE(review): a host key that is not in this list and is not named by an
# uncommented HostKey line in sshd_config stays in the image. An ed25519 host
# key with the stock sshd_config is the likely case -- confirm and extend the
# list if so.
33 #Remove the default keys
34 for pair in "$HOST_KEY@rsa1" "$RSA_KEY@rsa" "$DSA_KEY@dsa" "$ECDSA_KEY@ecdsa"; do
# Split the pair on "@": field 1 is the key path, field 2 the key type.
# $pair is expanded unquoted; harmless for the fixed values above.
35 key=$(echo $pair | cut -d@ -f1)
36 key_type=$(echo $pair | cut -d@ -f2)
# Act only on keys that actually exist in the image.
37 if [ -e "$target/$key" ]; then
# Remove the private key and its ".pub" companion. {,.pub} is brace
# expansion, which a plain POSIX sh does not perform; the shebang is not
# visible in this listing.
38 rm -f "$target/$key"{,.pub}
# On Debian-based images the key is recreated straight away with an empty
# passphrase (-N ''), quietly (-q), under a fixed PATH.
# NOTE(review): -f "$key" carries no $target prefix and the line before
# `env` is missing from the listing, so the command presumably runs with the
# image as its root directory -- confirm. Recent OpenSSH releases no longer
# accept `-t rsa1`, so regenerating $HOST_KEY fails there.
39 if [ "x$distro" = "xdebian" ]; then
41 env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
42 ssh-keygen -t $key_type -q -N '' -f "$key"
# sshd_config inside the image. It is read afterwards to find host keys that
# live outside the default paths.
47 config="$target/etc/ssh/sshd_config"
# Without the config file the non-default keys cannot be located, so the
# task only warns. Both messages are written to stdout, not stderr.
# NOTE(review): the rest of this branch is not shown in the listing;
# presumably the task ends here -- confirm. Any non-default host key then
# stays in the image.
48 if [ ! -e "$config" ]; then
49 echo "Warning: Config file: \`$config' is missing."
50 echo "Warning: Can't check for non-default keys."
# Second pass: handle host keys that sshd_config points at explicitly.
# Every line of the config that starts with "HostKey" is read and its second
# space-separated field is taken as the key path.
# NOTE(review): the match is narrower and wider than the directive itself:
#  - sshd_config keywords are case-insensitive and may be indented, so
#    "hostkey ..." or an indented "HostKey ..." line is not seen and the key
#    it names stays in the image;
#  - ^HostKey also matches other directives with that prefix, such as
#    HostKeyAlgorithms and HostKeyAgent, whose second field is not a path.
# `read` is used without -r, and $key_line is expanded unquoted, which
# collapses runs of blanks before `cut` but also allows glob expansion.
56 # Remove non-default keys...
57 grep ^HostKey "$config" | while read key_line; do
58 key=$(echo $key_line | cut -d" " -f2)
# A path equal to one of the four default key files was already dealt with
# by the default-key loop. The body of this branch is not shown in the
# listing; presumably it skips to the next line -- confirm.
# NOTE(review): $key comes from the image's own sshd_config and is joined to
# $target without validation before the -e test, grep and rm -f below. If
# images are not fully trusted, check that the path stays inside $target.
59 if [ "$key" = $HOST_KEY -o "$key" = $RSA_KEY -o \
60 "$key" = $DSA_KEY -o "$key" = $ECDSA_KEY ]; then
# Debian-based images: the key must be recreated after deletion, so its type
# has to be determined first. Other distros only get the deletion at the end
# of this block.
64 if [ "x$distro" = "xdebian" ]; then
65 # Most distros recreate missing keys...debian complains
# Detect the type from the private key header. The assignment made in each
# branch is not visible in the listing, and neither is the initialisation of
# $type that the -z test below relies on.
# NOTE(review): private keys written by newer OpenSSH start with
# "-----BEGIN OPENSSH PRIVATE KEY-----", which none of these tests match, so
# such keys fall through to the file-name guess. grep runs without -q, so a
# matching header line is echoed to the task's stdout.
67 if [ -e "$target/$key" ]; then
68 if grep -e "-----BEGIN DSA PRIVATE KEY-----" "$target/$key"; then
70 elif grep -e "-----BEGIN EC PRIVATE KEY-----" "$target/$key"; then
72 elif grep -e "-----BEGIN RSA PRIVATE KEY-----" "$target/$key"; then
74 elif grep -e "SSH PRIVATE KEY FILE FORMAT" "$target/$key"; then
# Fallback: derive the type from an "_<type>_" fragment in the file name.
# ed25519 is not among the candidates.
77 else # do some guessing...
78 for i in rsa dsa ecdsa; do
79 echo "$key" | grep _${i}_ && { type="$i"; break; }
# No type found: the message announces an rsa1 key.
# NOTE(review): recent OpenSSH releases no longer generate rsa1 keys, so this
# fallback leaves the image without that host key. A current key type would
# be a safer default -- confirm against the OpenSSH versions in the images.
82 if [ -z "$type" ]; then
83 echo "Warning: Unknown key type. I'll use \`rsa1'";
# Delete the key pair, then recreate it with an empty passphrase under a
# fixed PATH. -f "$key" has no $target prefix and the line before `env` is
# missing from the listing, so the command presumably runs with the image as
# its root directory -- confirm.
87 rm -f "$target/$key"{,.pub}
89 env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
90 ssh-keygen -t $type -q -N '' -f "$key"
# Deletion without regeneration. The `else` that selects this line is not
# visible in the listing; presumably it is the non-Debian branch -- confirm.
92 rm -f "$target/$key"{,.pub}
101 # vim: set sta sts=4 shiftwidth=4 sw=4 et ai :