zabpehely
/
PiShrink
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed ssh host keys not regenerating 

When using the -p option, the ssh host keys would be deleted, but not regenerated, rendering ssh unusable.
fixes #168 but relies on the host system to regenerate keys on non-Raspbian distros
This commit is contained in:
Sean 2022-11-11 18:40:12 -08:00
parent 43f1a885cd
commit c962994481
1 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
pishrink.sh
View File

@ -316,7 +316,36 @@ if [[ $prep == true ]]; then
info "Syspreping: Removing logs, apt archives, dhcp leases and ssh hostkeys"
mountdir=$(mktemp -d)
mount "$loopback" "$mountdir"
rm -rvf $mountdir/var/cache/apt/archives/* $mountdir/var/lib/dhcpcd5/* $mountdir/var/log/* $mountdir/var/tmp/* $mountdir/tmp/* $mountdir/etc/ssh/*_host_*
rm -rvf $mountdir/var/cache/apt/archives/* $mountdir/var/lib/dhcpcd5/* $mountdir/var/log/* $mountdir/var/tmp/* $mountdir/tmp/*
#check if openssh is enabled
if [[ -f "$mountdir/etc/systemd/system/multi-user.target.wants/ssh.service" ]]; then
if [[ -f "$mountdir/lib/systemd/system/regenerate_ssh_host_keys.service" ]] && [[ -d "$mountdir/etc/systemd/system/multi-user.target.wants" ]]; then
ln -s $mountdir/lib/systemd/system/regenerate_ssh_host_keys.service $mountdir/etc/systemd/system/multi-user.target.wants/regenerate_ssh_host_keys.service
info "host keys on disk remain but should regenerate on first boot."
else
#key regeneration relies on using the host to regenerate the keys
if ! command -v ssh-keygen &> /dev/null; then
info "WARNING: could not locate ssh-keygen command, keeping old keys"
else
if [ -c /dev/hwrng ]; then
dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096 status=none
fi
rm -f $mountdir/etc/ssh/ssh_host_*_key*
ssh-keygen -A -f $mountdir/etc/ssh > /dev/null
fi
fi
#check if dropbear is enabled
elif [[ -f "$mountdir/etc/init.d/dropbear" ]]; then
#key regeneration relies on using the host to regenerate the keys
if ! command -v dropbearkey &> /dev/null; then
info "WARNING: could not locate dropbearkey command, keeping old keys"
else
rm -f $mountdir/etc/dropbear/dropbear_*_host_key
dropbearkey -t rsa -f $mountdir/etc/dropbear/dropbear_rsa_host_key
dropbearkey -t ecdsa -f $mountdir/etc/dropbear/dropbear_ecdsa_host_key
dropbearkey -t ed25519 -f $mountdir/etc/dropbear/dropbear_ed25519_host_key
fi
fi
umount "$mountdir"
fi