3 # Copyright (C) 2011 GRNET S.A.
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation; either version 2 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 # General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program; if not, write to the Free Software
17 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21 # Provides: DeleteSSHKeys
22 # RunBefore: EnforcePersonality
23 # RunAfter: MountImage
24 # Short-Description: Remove ssh keys and in some cases recreate them
# DeleteSSHKeys task (see the task header above): remove the SSH host keys
# found in the mounted image and, on Debian-based images, recreate them.
# Presumably done so that instances cloned from one image do not share a
# host identity.
#
# Environment read:  SNF_IMAGE_TARGET (image mount point),
#                    SNF_IMAGE_PROPERTY_OSFAMILY (only "linux" is handled).
# Helpers used:      log_error, warn, get_base_distro, task_cleanup -- not
#                    defined here, presumably provided by common.sh below.
#
# NOTE(review): this listing is incomplete. The gutter numbers jump in
# several places (e.g. 37->40, 62->67, 78->82, 97->103), so the closing
# `fi`/`done`/`exit` lines and the `type=...` assignments of the detection
# chain are not shown. The code is reproduced exactly as given.
28 . "@commondir@/common.sh"
# Run the shared cleanup handler on every exit path, including errors.
30 trap task_cleanup EXIT
33 # Check if the task should be prevented from running.
# Refuse to run if the image is not mounted where we expect it
# (the rest of this branch is not in the listing).
36 if [ ! -d "$SNF_IMAGE_TARGET" ]; then
37 log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing."
# Non-Linux images are skipped (branch body not in the listing).
40 if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" != "linux" ]; then
44 distro=$(get_base_distro "$SNF_IMAGE_TARGET")
# Default host key locations, as paths *inside* the image. Every filesystem
# access below prefixes them with "$target"; ssh-keygen is given the bare
# path (see the notes at the ssh-keygen calls).
46 HOST_KEY="/etc/ssh/ssh_host_key"
47 RSA_KEY="/etc/ssh/ssh_host_rsa_key"
48 DSA_KEY="/etc/ssh/ssh_host_dsa_key"
49 ECDSA_KEY="/etc/ssh/ssh_host_ecdsa_key"
51 target="$SNF_IMAGE_TARGET"
53 # Remove the default keys. Each list entry is "<path>@<ssh-keygen type>".
# The unquoted $pair expansions are only safe because the values are the
# fixed literals above (no blanks, no glob characters).
54 for pair in "$HOST_KEY@rsa1" "$RSA_KEY@rsa" "$DSA_KEY@dsa" "$ECDSA_KEY@ecdsa"; do
55 key=$(echo $pair | cut -d@ -f1)
56 key_type=$(echo $pair | cut -d@ -f2)
57 if [ -e "$target/$key" ]; then
# Brace expansion removes both the private key and its .pub counterpart.
58 rm -f "$target/$key"{,.pub}
# "x$var" = "xliteral" is the classic guard against empty or '-'-prefixed
# values confusing old `test` implementations.
59 if [ "x$distro" = "xdebian" ]; then
# Debian does not recreate missing host keys on boot (see the comment at
# gutter line 83), so a fresh key pair with an empty passphrase is made
# right away. NOTE(review): the line between 59 and 61 is not in the
# listing. `-f "$key"` is the in-image path without "$target"; the PATH
# reset to the image's standard directories suggests this is meant to run
# inside the image root -- confirm, otherwise it would write to the host's
# /etc/ssh. Also, OpenSSH releases that dropped protocol 1 reject
# `-t rsa1`, so the "$HOST_KEY@rsa1" entry may fail on newer images.
61 env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
62 ssh-keygen -t $key_type -q -N '' -f "$key"
67 config="$target/etc/ssh/sshd_config"
# Without sshd_config we cannot learn about non-default HostKey entries;
# warn and stop here (branch body not in the listing).
68 if [ ! -e "$config" ]; then
69 warn "Config file: \`$config' is missing."
70 warn "Can't check for non-default keys."
74 # Remove non-default keys...
# BUG(review): `||` binds looser than `|`, so this line parses as
# `grep ... || { true | while ...; }`. The loop therefore runs only when
# grep finds NO HostKey line, and then with empty input -- the non-default
# key handling below never executes. Intended form:
#   { grep ^HostKey "$config" || true; } | while read -r key_line; do
# Two further points: `^HostKey` also matches `HostKeyAlgorithms`, so the
# pattern should be anchored on a following blank (e.g. `^HostKey[[:space:]]`),
# and `read` without -r mangles backslashes in the path.
75 grep ^HostKey "$config" || true | while read key_line; do
# Second whitespace-separated field is the key path. The unquoted $key_line
# collapses runs of blanks/tabs so a single-space `cut` works, but it also
# glob-expands the line -- a quoted expansion with `awk '{print $2}'` (or
# `read -r _ key`) would be safer.
76 key=$(echo $key_line | cut -d" " -f2)
# Default keys were already handled by the loop above (branch body not in
# the listing). `-o` is obsolescent in `test` and the right-hand variables
# are unquoted; separate `[ ... ] ||` tests or a `case` would be cleaner.
77 if [ "$key" = $HOST_KEY -o "$key" = $RSA_KEY -o \
78 "$key" = $DSA_KEY -o "$key" = $ECDSA_KEY ]; then
82 if [ "x$distro" = "xdebian" ]; then
83 # Most distros recreate missing keys...debian complains
# To recreate a non-default key we need its type. First sniff the header of
# the existing private key file; the `type=...` assignments of each branch
# are not in the listing. These greps print the matching header line to
# stdout; `grep -q` would keep the task output clean.
85 if [ -e "$target/$key" ]; then
86 if grep -e "-----BEGIN DSA PRIVATE KEY-----" "$target/$key"; then
88 elif grep -e "-----BEGIN EC PRIVATE KEY-----" "$target/$key"; then
90 elif grep -e "-----BEGIN RSA PRIVATE KEY-----" "$target/$key"; then
# Header of the SSH protocol-1 (rsa1) private key format.
92 elif grep -e "SSH PRIVATE KEY FILE FORMAT" "$target/$key"; then
# Fallback: infer the type from the file name, e.g. "..._rsa_...".
95 else # do some guessing...
96 for i in rsa dsa ecdsa; do
97 if echo "$key" | grep _${i}_ > /dev/null; then
# NOTE(review): no `type=` reset is visible before the detection chain, so
# a value left over from a previous HostKey line could satisfy this check
# -- confirm against the lines missing from the listing. The warning goes
# to stdout via a bare echo; the rest of the script uses `warn`.
103 if [ -z "$type" ]; then
104 echo "Warning: Unknown key type. I'll use \`rsa1'";
# Replace the key pair in place (same `-f "$key"` caveat as at gutter
# line 62 above: the path is not prefixed with "$target").
108 rm -f "$target/$key"{,.pub}
110 env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
111 ssh-keygen -t $type -q -N '' -f "$key"
# Non-Debian images: just delete the pair; the distro is expected to
# recreate it on first boot (per the comment at gutter line 83).
113 rm -f "$target/$key"{,.pub}
119 # vim: set sta sts=4 shiftwidth=4 sw=4 et ai :