
cloud-init-dev team mailing list archive

Re: [Merge] ~smoser/cloud-init:fix/1781094-ssh-deletekeys into cloud-init:master


On Wed, Aug 1, 2018 at 12:09 PM Scott Moser <ssmoser2+ubuntu@xxxxxxxxx> wrote:
>
> I do not think we should leave this line in the file.
> That's confusing.  No other distro's cloud.cfg would
> have such a line.
>
>
> Diff comments:
>
> > diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl
> > index 5619de3..1fef133 100644
> > --- a/config/cloud.cfg.tmpl
> > +++ b/config/cloud.cfg.tmpl
> > @@ -24,8 +24,6 @@ disable_root: true
> >  {% if variant in ["centos", "fedora", "rhel"] %}
> >  mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2']
> >  resize_rootfs_tmp: /dev
> > -ssh_deletekeys:   0
> > -ssh_genkeytypes:  ~
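Review bot: removing these two overrides silently changes behaviour for the centos/fedora/rhel variants, because the template now falls back to cloud-init's defaults (delete existing host keys, generate the default key types) instead of the previous "keep existing keys, generate nothing". Since cloud-init deletes everything matching /etc/ssh/ssh_host_*key*, including keys a distro ssh-keygen service created earlier in boot, the change description (or a comment left in the template near `resize_rootfs_tmp: /dev`) should state that interaction explicitly so downstream packagers are not surprised.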
>
> if we left it as null, it would not generate any keys.
> We need it to generate keys.

Why? isn't ssh-keygen service generating keys?

>
> You are correct in that it will generate the default key
> types for cloud-init, which will not necessarily be the
> same as those in ssh-keygen service.
>
> However, cloud-init will *remove* all ssh host keys that match
>   /etc/ssh/ssh_host_*key*
> So we won't have stale keys sitting around.

Hrm, is the goal then to have cloud-init wipe *all* keys even if it didn't
generate them on new-instance?  That would include any keys generated
by the ssh-keygen service?  And if so, is that OK for cloud-init to do?

And from above, if ssh-keygen service is already creating keys, should
cloud-init create keys as well?

-- 
https://code.launchpad.net/~smoser/cloud-init/+git/cloud-init/+merge/349359
Your team cloud-init committers is requested to review the proposed merge of ~smoser/cloud-init:fix/1781094-ssh-deletekeys into cloud-init:master.
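To make the two behaviours argued over above concrete, here is an added Python model of the decision cloud-init makes (not cloud-init's own code, and not part of the thread): `ssh_deletekeys` defaults to on and removes every file matching `/etc/ssh/ssh_host_*key*`, while `ssh_genkeytypes: ~` yields no key types and an absent key falls back to the defaults. The default key-type list and the null handling are assumptions about cloud-init, and the key files are constructed in a temporary directory.

```python
import glob
import os
import tempfile

# Assumed cloud-init defaults for ssh_genkeytypes when the key is absent.
DEFAULT_KEY_TYPES = ["rsa", "dsa", "ecdsa", "ed25519"]


def key_types_to_generate(cfg):
    """Key types cloud-init would generate for this config (assumed semantics)."""
    if "ssh_genkeytypes" not in cfg:
        return list(DEFAULT_KEY_TYPES)   # key absent -> defaults
    value = cfg["ssh_genkeytypes"]
    if value is None:                    # YAML '~' -> generate nothing
        return []
    return list(value)


def plan_host_keys(cfg, ssh_dir):
    """Return (files that would be deleted, key types that would be generated)."""
    to_delete = []
    if cfg.get("ssh_deletekeys", True):
        # The glob does not care who created the key: a host key written by a
        # distro ssh-keygen service earlier in boot matches just the same.
        to_delete = sorted(glob.glob(os.path.join(ssh_dir, "ssh_host_*key*")))
    return to_delete, key_types_to_generate(cfg)


def demo():
    """Constructed scenario: an ed25519 key from a distro service already exists."""
    ssh_dir = tempfile.mkdtemp()
    for name in ("ssh_host_ed25519_key", "ssh_host_ed25519_key.pub", "sshd_config"):
        open(os.path.join(ssh_dir, name), "w").close()
    rhel_before = {"ssh_deletekeys": 0, "ssh_genkeytypes": None}  # the two removed lines
    after_patch = {}                                                # inherits defaults
    out = {}
    for label, cfg in (("rhel_before", rhel_before), ("after_patch", after_patch)):
        deleted, generated = plan_host_keys(cfg, ssh_dir)
        out[label] = ([os.path.basename(f) for f in deleted], generated)
    return out


if __name__ == "__main__":
    for label, (deleted, generated) in demo().items():
        print(f"{label}: delete={deleted} generate={generated}")
```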

