Do not erase existing SSH host keys during first boot
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Raspbian | New | Undecided | Unassigned |
Bug Description
Please allow people to deploy their own SSH host keys prior to first boot.
The /etc/ssh/ directory is devoid of SSH host keys from the start so it is feasible to rem out the one line in the systemd unit file causing the trouble. See the diff below.
One use-case: This will allow host certificates to be used when deploying a larger number of devices. The SSH host certificates help authenticate the device to the client (yes, that direction) during the first remote login over SSH. For that, a known SSH host key must be deployed on the device along with a valid, matching signature for that key from the designated Certificate Authority. If the SSH host key is replaced during first boot then the signature becomes, of course, invalid and must be replaced. Installing or replacing the certificates after first boot requires many more steps than deploying it beforehand, and it means a bit of uncertainty. Using host certificates means each device can still have unique SSH host keys; however, they must be signed in advance. So for the pre-boot deployment of SSH host certificates to be viable, any SSH host keys existing in /etc/ssh/ must be preserved.
sshd_config is already untouched during first boot, as are a few other files there in /etc/ssh/.
$ diff regenerate_
2c2
< Description=
---
> Description=
9,10c9,10
< # ExecStartPre=
< ExecStart=/bin/sh -c "/usr/bin/test -f /etc/ssh/
---
> ExecStartPre=
> ExecStart=
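Review bot: in the 9,10c9,10 hunk, the `<` side leaves ExecStartPre as a commented-out line with no explanation and makes ExecStart conditional on `/usr/bin/test -f` for a path under /etc/ssh/ that is cut off here. Add a comment in the unit saying why the pre-step is disabled (to keep pre-deployed host keys and the certificates signed for them). If the test names a single key file, check each key type separately, so that a device seeded with only one key type still gets the remaining types generated while the deployed key is left alone.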
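The use case in the report above depends on the host certificate staying bound to the exact host key it was signed for. The following added example (not from the report or from Raspbian) is a pre-deployment check that parses the leading fields of an OpenSSH ed25519 certificate and compares the embedded public key with the host key; the sample keys and the truncated certificate are constructed, and the helper names are assumptions.

```python
import base64
import struct

HOST_CERT_TYPE = 2  # SSH2_CERT_TYPE_HOST in OpenSSH's certificate format
CERT_NAME = b"ssh-ed25519-cert-v01@openssh.com"

def _string(data, off):
    """Read one length-prefixed SSH string; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", data, off)
    return data[off + 4:off + 4 + n], off + 4 + n

def _blob(line):
    """Decode the base64 field of a '<type> <base64> [comment]' line."""
    return base64.b64decode(line.split()[1])

def cert_matches_host_key(pub_line, cert_line):
    """True if cert_line is an ed25519 host certificate issued for pub_line.

    Checks only the key binding and certificate type; it does not verify
    the CA signature or the validity period.
    """
    key, cert = _blob(pub_line), _blob(cert_line)
    key_type, off = _string(key, 0)
    raw_key, _ = _string(key, off)
    cert_name, off = _string(cert, 0)
    if key_type != b"ssh-ed25519" or cert_name != CERT_NAME:
        return False
    _nonce, off = _string(cert, off)
    certified_key, off = _string(cert, off)
    _serial, cert_type = struct.unpack_from(">QI", cert, off)
    return cert_type == HOST_CERT_TYPE and certified_key == raw_key

# --- constructed sample data (not real keys; certificate cut after the type field) ---
def _s(b):
    return struct.pack(">I", len(b)) + b

def sample_pub(raw):
    blob = _s(b"ssh-ed25519") + _s(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"

def sample_cert(raw, cert_type=HOST_CERT_TYPE):
    blob = _s(CERT_NAME) + _s(b"\0" * 32) + _s(raw) + struct.pack(">QI", 1, cert_type)
    return CERT_NAME.decode() + " " + base64.b64encode(blob).decode() + " constructed"

DEPLOYED, REGENERATED = b"\x11" * 32, b"\x22" * 32  # stand-ins for 32-byte keys
CERT = sample_cert(DEPLOYED)

if __name__ == "__main__":
    print("pre-deployed key kept:", cert_matches_host_key(sample_pub(DEPLOYED), CERT))
    print("key replaced at boot: ", cert_matches_host_key(sample_pub(REGENERATED), CERT))
```

Run against the real `.pub` and `-cert.pub` lines in an image before flashing, the same function flags a certificate that no longer belongs to the key on the device.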