Thursday, April 14, 2011

VM templates and RSA keys.

So I was tasked with creating an Ubuntu VM template for deployment in a KVM environment. One of the things that was required was to have a fresh set of RSA keys generated for the new VM each time the template is deployed. Red Hat-based distributions take care of this in their /etc/init.d/sshd script, but because the Debian script lacks it, I have made a service to do it on boot. This is how I went about it after looking through several different tutorials.

1.) Clean the VM of its existing rsa keys.

rm -rf /etc/ssh/ssh_host_*

2.) Create a new script at /etc/init.d/ssh_gen_host_keys
#!/bin/sh
### BEGIN INIT INFO
# Provides:          ssh_gen_host_keys
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Generates new ssh host keys on first boot
# Description:       Generates new ssh host keys on first boot
### END INIT INFO

case "$1" in
    start)
        # Generate an RSA host key only if the cleaned template has none.
        if test -f /etc/ssh/ssh_host_rsa_key
        then
            echo "rsa key found"
        else
            ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
        fi
        # Same for DSA. OpenSSH 7.0 and later disable DSA (ssh-dss) host keys
        # by default, so this block only matters on older releases.
        if test -f /etc/ssh/ssh_host_dsa_key
        then
            echo "dsa key found"
        else
            ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
        fi
        ;;
esac
exit 0

3.) Chmod the script to make it executable.

chmod a+x /etc/init.d/ssh_gen_host_keys

4.) Add the script to your boot scripts, making sure it runs at a point in the boot sequence that will not conflict with required services (networking, ssh, etc.).

update-rc.d ssh_gen_host_keys defaults 15 90

5.) Make sure to clean your image of logs, bash history, package cache and anything else and enjoy your fresh rsa keys on your next deployed vm.

As a side note, you can very easily add extra error reporting to this script and additional functionality like removing the script after completion. You could also roll this script into your /etc/init.d/ssh with a little work.

Monday, April 4, 2011

Find Identify and Kill -9

I've decided to start keeping a useful tools blog so that when I can't remember a How To I can return to the blog and find it. Hopefully this will also provide some others with little bits of knowledge here and there. Tonight, my media center was hung and unresponsive, and because I knew the (partial) name of the process, I could end the hung process with the following:

ps auxww | awk '/YourProcessName/ {print $2}' | xargs kill -9

We are using "ps" to list the processes; awk then extracts the PID, which is $2, the second whitespace-separated field of each matching line (the first field of "ps aux" output is the user name). Last but not least, we pipe that to xargs, which lets us use the found PID as the argument to the kill -9 command.
Simple but useful.
As a side note, @Monkeynova mentioned the "..foomatic | tac | grep foo" command to replace "..foomatic | tail -n {#} | grep foo". I thought this was pretty swell.