non-unique ssh host keys on containers?

[nekatreven]

I've downloaded an Ubuntu template from the OpenVZ site and also one from the appliances section of download.proxmox.com.

I've noticed that in /etc/ssh/ there are already host keys in there. Do they get regenerated? If so, how does the template know to do so?

I'm asking because I made a custom version of one of these and deployed it to 6 or 7 containers and then noticed they all had the same ssh host keys.

Thoughts?

 

[tom]

use squeeze container, all debian templates are build with dab, therefore with unique keys. I suggest you post the issue also to the maintainers of this template (openvz).

 

[nekatreven]

For anyone else looking into this:

I found what I needed on one of openvz's wiki pages about creating a new debian template manually. They use a startup script that regenerates the host keys and them removes itself. On my Ubuntu template there is '/etc/rc2.d/S11sshhack' which calls '/etc/init.d/ssh_key_hack.sh'. The second file regenerates the keys and then removes both of the files. It looks as if the filenames and exact method can vary, but so far all of them I've seen originate in rc2.d

Note that they have a slightly different (although similar) arrangement on newer systems that use dependency-based booting. I understand squeeze is one example of this, but we aren't running anything that new yet.

I have no information as to whether the method I've just described is the same method that dab uses. I found what I needed so I never looked into that part.