Thursday, April 14, 2011

VM templates and RSA keys.

So I was tasked with creating an Ubuntu VM template for deployment in a KVM environment. One of the requirements was that a fresh set of RSA host keys be generated for the new VM each time the template is deployed. Red Hat based distributions take care of this in their /etc/init.d/sshd script, but because the Debian script lacks it, I have made a service to do it on boot. This is how I went about it after looking through several different tutorials.

1.) Clean the VM of its existing SSH host keys (the whole set, private and public halves).
rm -rf /etc/ssh/ssh_host_*

2.) Create a new script at /etc/init.d/ssh_gen_host_keys
#!/bin/sh
### BEGIN INIT INFO
# Provides:          ssh_gen_host_keys
# Required-Start:    $local_fs
# Required-Stop:
# X-Start-Before:    ssh
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Generates new ssh host keys on first boot
# Description:       Generates new ssh host keys on first boot
### END INIT INFO
# "Provides" must be the script's own facility name, not free text, or insserv
# will not order it correctly. X-Start-Before guarantees we run before ssh on
# dependency-based boots, where the sequence numbers given to update-rc.d are ignored.

case "$1" in
start)
    # Only generate a key when none exists, so a reboot keeps the keys made at first boot.
    if test -f /etc/ssh/ssh_host_rsa_key
    then
        echo "rsa key found"
    else
        ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
    fi
    if test -f /etc/ssh/ssh_host_dsa_key
    then
        echo "dsa key found"
    else
        ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
    fi
    ;;
stop|restart|force-reload)
    # Nothing to do: the keys are only ever created, never torn down.
    ;;
*)
    echo "Usage: $0 start" >&2
    exit 1
    ;;
esac
exit 0

3.) Chmod the script to make it executable.

chmod a+x /etc/init.d/ssh_gen_host_keys

4.) Add the script to your boot scripts, making sure to give it start and stop positions in the boot sequence that do not conflict with required services (networking, ssh etc.).

update-rc.d ssh_gen_host_keys defaults 15 90

5.) Make sure to clean your image of logs, bash history, package cache and anything else, and enjoy your fresh RSA keys on your next deployed VM.

As a side note, you can very easily add extra error reporting to this script, and additional functionality such as removing the script after completion. You could also roll this script into your /etc/init.d/ssh with a little work.
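Step 5 is the one most easily forgotten, and a clone that still carries the build's host keys, shell history or logs is the usual outcome. The following is an added example, not part of the original post: a pair of POSIX sh functions that audit a template's root filesystem for exactly the leftovers listed above (plus the presence of the ssh_gen_host_keys script and its rc2.d link from steps 2 to 4) and then clean them. The function names, the ROOT argument (so the check can run from the host against a mounted image instead of /), and the choice to truncate rather than delete active log files are this example's own assumptions.

```shell
#!/bin/sh
# Template hygiene check for step 5: audit a root filesystem for artifacts that
# would be cloned into every VM, then clean them. ROOT defaults to / but can be
# a mounted disk image (e.g. /mnt/template) so the check can run from the host.
# audit_template and clean_template are hypothetical helpers written for this
# example; they are not part of Debian, Ubuntu or the post's init script.

# Returns 0 when the tree is clean, 1 otherwise, listing each problem on stdout.
audit_template() {
    root="${1:-/}"
    found=0

    # Leftover host keys: every clone would share them (and their fingerprints).
    for k in "$root"/etc/ssh/ssh_host_*; do
        [ -e "$k" ] || continue
        echo "LEFTOVER host key: ${k#"$root"}"
        found=$((found + 1))
    done

    # The regeneration script from step 2 must be installed, executable and
    # linked into runlevel 2 (the link update-rc.d creates in step 4).
    if [ ! -x "$root/etc/init.d/ssh_gen_host_keys" ]; then
        echo "MISSING or not executable: /etc/init.d/ssh_gen_host_keys"
        found=$((found + 1))
    fi
    link_ok=0
    for l in "$root"/etc/rc2.d/S*ssh_gen_host_keys; do
        [ -e "$l" ] && link_ok=1
    done
    if [ "$link_ok" -eq 0 ]; then
        echo "MISSING start link: /etc/rc2.d/S??ssh_gen_host_keys"
        found=$((found + 1))
    fi

    # Shell history and the apt cache record how the template was built.
    for f in "$root"/root/.bash_history "$root"/home/*/.bash_history \
             "$root"/var/cache/apt/archives/*.deb; do
        [ -e "$f" ] || continue
        echo "LEFTOVER file: ${f#"$root"}"
        found=$((found + 1))
    done

    # Any non-empty file under /var/log (syslog, auth.log, rotated *.gz, ...) leaks build history.
    for f in $(find "$root/var/log" -type f -size +0c 2>/dev/null); do
        echo "LEFTOVER log: ${f#"$root"}"
        found=$((found + 1))
    done

    echo "audit: $found issue(s) under $root"
    [ "$found" -eq 0 ]
}

# Removes what audit_template flags, except the init script itself, which has
# to be installed (steps 2 to 4) rather than deleted.
clean_template() {
    root="${1:-/}"
    rm -f "$root"/etc/ssh/ssh_host_*
    rm -f "$root"/root/.bash_history "$root"/home/*/.bash_history
    rm -f "$root"/var/cache/apt/archives/*.deb
    # Delete rotated logs; truncate the active ones so syslog keeps its files and permissions.
    find "$root/var/log" -type f \( -name '*.gz' -o -name '*.[0-9]' \) -exec rm -f {} + 2>/dev/null
    find "$root/var/log" -type f -exec sh -c ': > "$1"' _ {} \; 2>/dev/null
}
```

Run `audit_template` as the last thing before snapshotting the template (or `audit_template /mnt/template` from the host with the image mounted); a non-zero exit with the printed list is the signal not to publish the image yet. `clean_template` is deliberately separate so the audit can be used read-only, for example as a gate in whatever builds the image.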
