Ken Caruso wrote:
> Hello,
>
> I have a system without a USB key. I am contemplating changing the sshd
> init script slightly to copy ssh keys when they are generated to
> /stat/etc/ssh.
>
> It currently looks like this:
>
>
> if [ ! -f /etc/ssh/ssh_host_key ]
> then
>     cp -a /stat/etc/ssh/* /etc/ssh/
>     echo "generating ssh hostkeys..."
>     /usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
>     /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
>     /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
> fi
>
>
> I am thinking about changing it to:
>
> if [ ! -f /etc/ssh/ssh_host_key ]
> then
>     cp -a /stat/etc/ssh/* /etc/ssh/
>     echo "generating ssh hostkeys..."
>     /usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
>     /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
>     /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
>     cp -a /etc/ssh/ssh_host_dsa_key.pub /stat/etc/ssh/
>     cp -a /etc/ssh/ssh_host_dsa_key /stat/etc/ssh/
>     cp -a /etc/ssh/ssh_host_key.pub /stat/etc/ssh/
>     cp -a /etc/ssh/ssh_host_key /stat/etc/ssh/
>     cp -a /etc/ssh/ssh_host_rsa_key.pub /stat/etc/ssh/
>     cp -a /etc/ssh/ssh_host_rsa_key /stat/etc/ssh/
> fi
>
> So if the keys are generated they are copied to /stat/etc/ssh so
> they are kept after a reboot. Any potential problems this might cause?

I can understand not wanting to use a USB flash device for a key disk, but not using a keydisk partition at all just doesn't make any sense. This project is designed to have a read-only area and a writable area for configuration data (and things like ssh keys).

If you don't want to use a separate device, at least create a second partition on your CF drive and use that as the key disk. If you need help doing that, I'm sure several of us will get you pointed in the right direction.

Darrick

--
Darrick Hartman
DJH Solutions, LLC
http://www.djhsolutions.com
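
Added example, not part of either message and not AstLinux's own init script: one way the copy-back step from the question could be written so that it refuses to run when the writable key area is missing, keeps private keys at mode 600, and never leaves a half-written key behind. The function name `persist_host_keys` and its return codes are hypothetical; the directory paths in the usage comment are the ones from the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper): persist generated SSH host keys
# from the runtime directory to the writable key area.
#
# Usage, with the paths from the thread:
#   persist_host_keys /etc/ssh /stat/etc/ssh
#
# Returns 0 on success, 1 if the destination is unusable,
# 2 if any key could not be copied and verified.
persist_host_keys() {
    src=$1
    dst=$2
    # Refuse to write when the persistent directory is absent or read-only,
    # e.g. because the key disk partition did not mount.
    if [ ! -d "$dst" ] || [ ! -w "$dst" ]; then
        echo "persist_host_keys: $dst is not a writable directory" >&2
        return 1
    fi
    old_umask=$(umask)
    umask 077                          # new files start out owner-only
    rc=0
    for priv in "$src"/ssh_host_*key; do
        [ -f "$priv" ] || continue     # glob matched nothing
        [ -f "$priv.pub" ] || continue # skip incomplete key pairs
        name=$(basename "$priv")
        tmp="$dst/.$name.tmp"
        # Copy under a temporary name, verify, then rename, so an
        # interrupted write never leaves a truncated private key in place.
        if cp "$priv" "$tmp" && cmp -s "$priv" "$tmp"; then
            chmod 600 "$tmp"
            mv -f "$tmp" "$dst/$name"
            cp "$priv.pub" "$dst/$name.pub" \
                && chmod 644 "$dst/$name.pub" || rc=2
        else
            rm -f "$tmp"
            rc=2
        fi
    done
    umask "$old_umask"
    return $rc
}
```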
