sfx2000

Install Script - gen new machine-id and ssh-host keys, and maybe other machine specific items


Prior to entering an issue...

 

One of the challenges of using an image based install is how to cover machine unique items...

 

Good example here is the systemd-machine-id... some systemd units can use machine-id in place of gethostid...

 

https://www.freedesktop.org/software/systemd/man/machine-id.html

 

It's supposed to be a unique qualifier for installation - but if this is written into the image, it's going to likely be the same for every image out there...

 

Can always regen it on the shell - but this could also be in the first run script...

 

$ cat /etc/machine-id \
  && sudo rm -rf /var/lib/dbus/machine-id \
  && sudo rm -rf /etc/machine-id \
  && sudo dbus-uuidgen --ensure \
  && sudo systemd-machine-id-setup \
  && cat /etc/machine-id 

 

The other is the ssh_host* keys - which is a bit more important, as we don't necessarily want every install to have the same ssh_host oriented keys...

 

$ sudo /bin/rm -v /etc/ssh/ssh_host_*
$ sudo dpkg-reconfigure openssh-server
$ sudo systemctl restart ssh

This one can cause issues with subsequent sessions, if the openssh-client is doing strict checking - easy enough to fix using ssh-keygen -f "<local path to .ssh/known_hosts>" -R ipaddr

 

Are there other considerations - for example, locally administered OUI's for Ethernet/WiFi if they don't have an eeprom burned global OUI?

 

Thoughts?
