Remove SSH host keys after installing the custom version of sshd (#10633)

* Remove SSH host keys after installing the custom version of sshd

Signed-off-by: Saikrishna Arcot <[email protected]>

* Use an override for for sshd instead of overwriting the service file

Don't overwrite upstream's .service file, and instead use an override
file for making sure the host key(s) are generated.

Signed-off-by: Saikrishna Arcot <[email protected]>

Author: saiarcot895

build_debian.sh

@@ -400,7 +400,8 @@ sudo sed -i 's/LOAD_KEXEC=true/LOAD_KEXEC=false/' $FILESYSTEM_ROOT/etc/default/k
 ## Remove sshd host keys, and will regenerate on first sshd start
 sudo rm -f $FILESYSTEM_ROOT/etc/ssh/ssh_host_*_key*
 sudo cp files/sshd/host-ssh-keygen.sh $FILESYSTEM_ROOT/usr/local/bin/
-sudo cp -f files/sshd/sshd.service $FILESYSTEM_ROOT/lib/systemd/system/ssh.service
+sudo mkdir $FILESYSTEM_ROOT/etc/systemd/system/ssh.service.d
+sudo cp files/sshd/override.conf $FILESYSTEM_ROOT/etc/systemd/system/ssh.service.d/override.conf
 # Config sshd
 # 1. Set 'UseDNS' to 'no'
 # 2. Configure sshd to close all SSH connetions after 15 minutes of inactivity

files/build_templates/sonic_debian_extension.j2

@@ -329,6 +329,11 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/smartmontools_*.deb
 # Install custom-built openssh sshd
 sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_*.deb
 
+# Remove sshd host keys, and will regenerate on first sshd start. This needs to be
+# done again here because our custom version of sshd is being installed, which
+# will regenerate the sshd host keys.
+sudo rm -f $FILESYSTEM_ROOT/etc/ssh/ssh_host_*_key*
+
 {% if sonic_asic_platform == 'broadcom' %}
 # Install custom-built flashrom
 sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/flashrom_*.deb

files/sshd/override.conf

@@ -0,0 +1,4 @@
+[Service]
+ExecStartPre=
+ExecStartPre=/usr/local/bin/host-ssh-keygen.sh
+ExecStartPre=/usr/sbin/sshd -t