[SOLVED] Ancient Debian 6 LXC templates need new ssh-keygen

[apmuthu]

Attempted building a Debian 6 (Squeeze) template and could not SFTP into it as the old keys were not loading.
Solved it on the LXC console with:

ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" <<< $'\ny' >/dev/null 2>&1
ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" <<< $'\ny' >/dev/null 2>&1

The above non-interactive mode does not seem to work in the webapp_setup file in the LXC Template but the following works:

rm -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""

rm /etc/ssh/ssh_host_dsa_key
ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""

 

[tom]

Please do not use outdated systems like Debian Squeeze. I know you are a fan of totally outdated and insecure systems, but for all others, please never install such outdated and insecure systems.

 

[apmuthu]

This is meant for recovery and resotarion before moving onto PVE 7.x. Otherwise everyone will be stuck in PVE 3.2 and OpenVZ only and old hardware that is supported by the old kernel on older PVEs. The basic ability of using SFTP needs a working ssh key.

 

[Neobin]

Otherwise everyone will be stuck in PVE 3.2

I really doubt that there are much people out there, still running a over 8 year old [1] and since over 5 years EOL [2] PVE-version.

But all those Retro-Proxmox-Fans may tell me otherwise...

[1] https://pve.proxmox.com/wiki/Roadmap#Proxmox_VE_3.2
[2] https://pve.proxmox.com/wiki/FAQ

 

[apmuthu]

You will be surprised how many users still run PVE 1.9 and PVE 3.4 with OpenVZ. Many just do not want to change. Why fix it if it ain't broken and no great requirement in OS / Hardware change is there?

Difficult for an old dog to learn new tricks especially if they do not want anything more than an ext3/4 fs and do not care for the esoteric ceph/zfs/corosync/firewall functionalities.

When any PVE version goes EOL, a new ISO that rolls up all updates should be released so that bandwidth requirements can be minimised at the project servers end with no updates provided or anticipated. This will make up for absence of support thereafter building trust in the product. Abruptly retiring old wiki articles will leave those users out on a limb. No one should dictate which version anyone should use and caveats like latest version is safe must be taken with a pinch of salt - it is only that vulnerabilities have yet to be found.

In fact somewhere deep in the forums or archived articles, some SIngapore datacenters recycled their 32 bit servers by re-compiling PVE 3.4 from source - those critical dependencies' sources are now extinct.

Why would anyone want to discard old hardware that still works when poor exchange rates and paucity of liquidity prevent the purchase of newer (and more "controlled") hardware?