3

I have hosts with and without keys in /root/.ssh. I've noticed before some on-screen feedback for SSH key generation on startup (first time), but I am not sure what the catalyst is. I have looked in /root/anaconda-ks.cfg and don't see anything different that could lead to this.

What was chosen/enabled for the servers that do versus the ones that do not?

Note: I know I can do it manually -- I am just looking to understand when / how it is inconsistently generated.

Aaron Copley

2 Answers

4

I think you are confusing it with host keys.

Host keys are generated on first boot. (Well, or when the ssh server starts the first time).

The directory /root/.ssh is created when you first use ssh (the client). It stores the known_hosts file here (containing the public keys of hosts you have connected to before).

One can use ssh-keygen to create a public/private keypair (it is named /root/.ssh/id_rsa and /root/.ssh/id_rsa.pub by default).

cstamas
  • No, it's not host keys. I am looking at hosts with /root/.ssh/id_dsa /root/.ssh/id_dsa.pub that I am confident that no one has run ssh-keygen on. I think Setup Agent is creating the keys via the firstboot service but can't confirm that with any documentation / URL. I can test it tomorrow. I just was hoping that someone in the SF community would know. – Aaron Copley Nov 15 '10 at 22:11
  • 1
    Oh, ok. I am not that familiar with rhel and anaconda. I can think of anaconda generating the keys for some post-install activity, but it can be just my imagination. – cstamas Nov 15 '10 at 22:30
  • You are exactly right. Sorry for not understanding what you meant, but I finally found it. What I was seeing on first boot was the do_*_keygen routines from sshd's init script (/etc/rc.d/init.d/sshd). It checks for the existence of /etc/ssh_host_key, /etc/ssh_host_rsa_key, and /etc/ssh_host_dsa_key and creates them as necessary. Seems I had made an incorrect correlation that led me to think it was root user's keys, not host keys. Sorry! – Aaron Copley Sep 15 '11 at 21:00
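
The check-then-create behaviour described in the comments above, next to a listing of per-user keys, as an added example that is not part of the original thread and is not the RHEL init script itself. The function names, the `ssh_host_<type>_key` naming and the key types (picked for a current OpenSSH) are assumptions.

```shell
#!/bin/sh
# Added illustration: simplified check-then-generate logic for SSH host keys,
# plus a listing of per-user keys. Not the distribution's init script.
# Assumption: key types suited to a current OpenSSH.
HOST_KEY_TYPES="rsa ecdsa ed25519"

# Print the path of every host key under directory $1 that is missing or
# empty. A zero-length file counts as missing.
missing_host_keys() {
    for t in $HOST_KEY_TYPES; do
        key="$1/ssh_host_${t}_key"
        [ -s "$key" ] || printf '%s\n' "$key"
    done
}

# Generate only the host keys that are missing under directory $1.
# Existing keys are never overwritten, so the host identity (and every
# client's known_hosts entry for it) stays stable across restarts.
ensure_host_keys() {
    for t in $HOST_KEY_TYPES; do
        key="$1/ssh_host_${t}_key"
        [ -s "$key" ] && continue
        # Clear a zero-length leftover so ssh-keygen does not prompt.
        rm -f "$key" "$key.pub"
        ssh-keygen -q -t "$t" -f "$key" -N '' -C '' || return 1
        chmod 600 "$key"
        chmod 644 "$key.pub"
    done
}

# List user private keys (id_*) in $1/.ssh. Unlike host keys, these exist
# only if ssh-keygen was run for that account; known_hosts is not a key.
user_private_keys() {
    for f in "$1"/.ssh/id_*; do
        case $f in *.pub) continue ;; esac
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}
```

Running `missing_host_keys /etc/ssh` and `user_private_keys /root` on each host shows which kind of key is actually present before drawing conclusions from first-boot console output.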
0

I'm 100% sure you are talking about the keys when openssh-server is installed.

On basically every Unix system, this happens on first boot after installation.
Regardless, I'm not sure I have ever seen a server without SSH.

Hope this helps. :D

Arenstar