Empty (zero byte) SSH host keys

Damien Miller djm at mindrot.org
Thu Jan 7 10:09:27 AEDT 2016


On Wed, 6 Jan 2016, Benjamin Drung wrote:

> Hi,
> 
> We create virtual machine image templates by doing automated minimal
> installations of different Linux distributions (via
> preseed/kickstarter/autoyast). At the end of the installation, we
> remove the SSH host keys (rm -f /etc/ssh/ssh*_key*). Fresh SSH host
> keys will be generated on the first boot of the image instances. This
> is done by adding a "dpkg-reconfigure openssh-server" call in
> /etc/rc.local (which calls ssh-keygen) on Debian/Ubuntu and by the init
> script of sshd on the other distributions.
> 
> This leads to a working SSH server running on the virtual machines most
> of the time, but sometimes the SSH connection fails with "connection
> reset by peer". The investigation of Debian 7 "wheezy" images showed
> that these faulty machines have empty (zero byte) SSH host key files.
> These files do not exist before the machines are started, but they do
> exist before "dpkg-reconfigure openssh-server" is called.
> 
> So it seems that some process creates these empty SSH host key files.
> Can you help to further debug this strange behavior? Does sshd
> create SSH host keys?

No, sshd only reads and never writes host keys. It's possible that
either ssh-keygen is failing during writing the keys out or there
is some bug in the init script that is calling it.

-d
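The failure mode in this thread (a zero-byte host key file that sshd then refuses to load, surfacing to the client as "connection reset by peer") is easy to catch before sshd starts. The script below is an added example, not code from the thread or from OpenSSH: it checks a host key directory for missing or empty private key files and, optionally, regenerates only the affected keys with ssh-keygen, the same tool the first-boot hooks in the thread call. The directory argument, the function names and the key type list are assumptions; the ssh_host_<type>_key naming follows the /etc/ssh convention the thread refers to, and ed25519 only applies to OpenSSH releases that support it.

```shell
#!/bin/sh
# Added example (not from the original thread): detect missing or
# zero-byte sshd host key files before sshd is started, so a truncated
# key is reported here instead of showing up later as a failed
# connection. Key types are a constructed default and can be overridden.
HOST_KEY_TYPES=${HOST_KEY_TYPES:-"rsa ecdsa ed25519"}

# check_host_keys DIR
# Prints one line per problem ("missing: <path>" or "empty: <path>")
# and returns 1 if any problem was found, 0 if every key is present
# and non-empty.
check_host_keys() {
    dir=$1
    rc=0
    for t in $HOST_KEY_TYPES; do
        key="$dir/ssh_host_${t}_key"
        if [ ! -e "$key" ]; then
            echo "missing: $key"
            rc=1
        elif [ ! -s "$key" ]; then
            # -s is only true for an existing file larger than zero
            # bytes, so the zero-byte files from the thread land here.
            echo "empty: $key"
            rc=1
        fi
    done
    return $rc
}

# regenerate_host_keys DIR
# For every key that is missing or empty, removes the stale private and
# public files and generates a fresh pair with ssh-keygen. Keys that
# are already non-empty are left untouched. Returns 1 on the first
# ssh-keygen failure so an init script can refuse to start sshd.
regenerate_host_keys() {
    dir=$1
    for t in $HOST_KEY_TYPES; do
        key="$dir/ssh_host_${t}_key"
        if [ ! -s "$key" ]; then
            rm -f "$key" "$key.pub"
            ssh-keygen -q -N "" -t "$t" -f "$key" || return 1
        fi
    done
    return 0
}

# Usage from an init hook (hypothetical):
#   check_host_keys /etc/ssh || regenerate_host_keys /etc/ssh || exit 1
```

Running check_host_keys from the init script before sshd starts turns the silent zero-byte file into a logged line, and regenerate_host_keys only touches keys that failed the check, so a host that already has valid keys keeps its identity.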

