author | Daniel Fullmer <danielrf12@gmail.com> | 2022-05-03 17:58:19 -0700 |
---|---|---|
committer | Daniel Fullmer <danielrf12@gmail.com> | 2022-05-03 22:09:43 -0700 |
commit | ad38a2a6464394697f0672717f39c1b6188c1a89 (patch) | |
tree | a44a32fcbfb41940a0b35d4875e4f0b2eed0fce3 /nixos/modules/services/networking/ssh | |
parent | 80703515158aff79661646cedeec98f787b161b1 (diff) | |
nixos/ssh: remove empty host key files before generating new ones

In a previous PR [1], the conditional to generate a new host key file was changed to also include the case when the file exists, but has zero size. This could occur when the system is uncleanly powered off shortly after first boot.

However, ssh-keygen prompts the user before overwriting a file. For example:

    $ touch hi
    $ ssh-keygen -f hi
    Generating public/private rsa key pair.
    hi already exists.
    Overwrite (y/n)?

So, let's just try to remove the empty file (if it exists) before running ssh-keygen.

[1] https://github.com/NixOS/nixpkgs/pull/141258
Diffstat (limited to 'nixos/modules/services/networking/ssh')
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 230ab673a976..d467c3c0471c 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -441,6 +441,7 @@ in ${flip concatMapStrings cfg.hostKeys (k: '' if ! [ -s "${k.path}" ]; then + rm -f "${k.path}" ssh-keygen \ -t "${k.type}" \ ${if k ? bits then "-b ${toString k.bits}" else ""} \ |
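Review bot: The added `rm -f "${k.path}"` inside the `if ! [ -s "${k.path}" ]` block has no comment, and nothing in the script itself says why a key file is deleted right before it is generated. Please add a one-line shell comment above it, along the lines of `# ssh-keygen prompts before overwriting; remove a zero-size key file first`, so the reason given in the commit message survives in the module. A second point on the same line: `[ -s ... ]` is false both for a missing path and for an empty one, and `rm -f` only covers those cases when the path is removable. If the removal fails (for example because the path is a directory), `ssh-keygen` is still invoked against an existing path and reaches the same overwrite prompt, so it is worth deciding whether this branch should stop with a clear error there instead of continuing.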