create new ssh keys for new jails instead of copying those from the host

It increases the security by having different keys between jails.
It reduces the risk of changing the keys of jails after creationtheir 
creation.
This commit is contained in:
Jérémy Lecour 2020-08-07 14:24:17 +02:00 committed by Jérémy Lecour
parent 1f29162da4
commit c141986a6d
2 changed files with 3 additions and 3 deletions

View File

@ -14,7 +14,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* bkctld-update: start jail after upgrade if it was started before
* Split check into check-jails and check-setup
* bkctld-check-jails checks if jails
* bkctld-check-setup checks if the partition is mounted and writable, if firewall is configured and if all jails are started
* create new ssh keys for new jails instead of copying those from the host
### Deprecated

View File

@ -249,9 +249,7 @@ setup_jail_chroot() {
touch ./var/log/lastlog ./var/log/wtmp ./run/utmp
info "2 - Copying essential files"
[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key ./etc/ssh
[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key ./etc/ssh
[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key ./etc/ssh
ssh-keygen -A -f .
touch "./${AUTHORIZED_KEYS}"
chmod 600 "./${AUTHORIZED_KEYS}"
cp "${passwd}" ./etc