From 6dd69c25fbab378801c65dddacb430e16701a33f Mon Sep 17 00:00:00 2001
From: miampf
Date: Tue, 10 Dec 2024 12:37:39 +0100
Subject: [PATCH] ssh node image configuration
---
 image/base/mkosi.conf | 1 -
 .../usr/lib/systemd/system-preset/30-constellation.preset | 1 +
 .../usr/lib/systemd/system/create-host-ssh-key.service | 4 ++--
 image/mirror/packages.txt | 1 -
 image/sysroot-tree/etc/ssh/ssh_config | 1 -
 image/sysroot-tree/etc/ssh/sshd_config | 2 ++
 6 files changed, 5 insertions(+), 5 deletions(-)
 delete mode 100644 image/sysroot-tree/etc/ssh/ssh_config
diff --git a/image/base/mkosi.conf b/image/base/mkosi.conf
index 3cab93550df..9201a05ff10 100644
--- a/image/base/mkosi.conf
+++ b/image/base/mkosi.conf
@@ -41,7 +41,6 @@ Packages=containerd
 # Network
 Packages=iproute
 dbus
- openssh
 openssh-server
 systemd-networkd
 systemd-resolved
diff --git a/image/base/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset b/image/base/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset
index dcabbedd9cd..493434d54e7 100644
--- a/image/base/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset
+++ b/image/base/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset
@@ -10,3 +10,4 @@ enable measurements.service
 enable export_constellation_debug.service
 enable systemd-timesyncd
 enable udev-trigger.service
+enable create-host-ssh-key.service
diff --git a/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service b/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service
index 4a23aba460a..b34d802db67 100644
--- a/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service
+++ b/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service
@@ -1,10 +1,10 @@
 [Unit]
 Description=Create a host SSH key
-Before=network-pre.target
+Before=sshd.service
 [Service]
 Type=oneshot
 ExecStart=/bin/bash -c "ssh-keygen -t ecdsa -q -N '' -f /run/ssh_host_ecdsa_key"
 [Install]
-WantedBy=network-pre.target
+WantedBy=multi-user.target
diff --git a/image/mirror/packages.txt b/image/mirror/packages.txt
index 40dd2607160..9d6240a2e4e 100644
--- a/image/mirror/packages.txt
+++ b/image/mirror/packages.txt
@@ -19,7 +19,6 @@ mokutil
 nano
 nano-default-editor
 nvme-cli
-openssh
 openssh-server
 passt-selinux
 passwd
diff --git a/image/sysroot-tree/etc/ssh/ssh_config b/image/sysroot-tree/etc/ssh/ssh_config
deleted file mode 100644
index 599c67c0e8b..00000000000
--- a/image/sysroot-tree/etc/ssh/ssh_config
+++ /dev/null
@@ -1 +0,0 @@
-UserKnownHostsFile /run/known_hosts
diff --git a/image/sysroot-tree/etc/ssh/sshd_config b/image/sysroot-tree/etc/ssh/sshd_config
index 4e298496b67..2b1060c4a0c 100644
--- a/image/sysroot-tree/etc/ssh/sshd_config
+++ b/image/sysroot-tree/etc/ssh/sshd_config
@@ -1 +1,3 @@
 HostKey /run/ssh_host_ecdsa_key
+TrustedUserCAKeys /run/ssh_ca.pub
+PasswordAuthentication no
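Review bot: In create-host-ssh-key.service, the new `Before=sshd.service` is an ordering hint only, so it applies just when both units are started together, and nothing visible in this commit makes sshd.service pull in or require key generation. If sshd is ever started through socket activation or under another unit name, the ordering would silently stop applying; consider `RequiredBy=sshd.service` under `[Install]`, or at least a comment such as `# sshd_config sets HostKey /run/ssh_host_ecdsa_key; this unit must finish before sshd starts`. The ExecStart line is unchanged context, but ssh-keygen asks before overwriting an existing key, so re-running the unit within the same boot would likely fail. Adding `ConditionPathExists=!/run/ssh_host_ecdsa_key` to `[Unit]` would make a re-run a no-op.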
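Review bot: In sshd_config, the added `TrustedUserCAKeys /run/ssh_ca.pub` enables certificate logins but leaves the default `AuthorizedKeysFile` lookup active, so a plain key in a user's `~/.ssh/authorized_keys` is still accepted next to CA-signed certificates. If only certificates from this CA are meant to grant access, add `AuthorizedKeysFile none`, and because `PasswordAuthentication no` does not cover keyboard-interactive, also `KbdInteractiveAuthentication no`. The CA file lives under /run and nothing in this commit shows what writes it. Whatever does should create it root-owned and not group- or world-writable before sshd accepts connections, since its content decides who can log in. A one-line comment above the directive naming the component that provisions the file would help the next reader.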