ssh node image configuration

edgelesssys · Dec 19, 2024 · 6dd69c2 · 6dd69c2
1 parent cd1e9b7
commit 6dd69c2
Show file tree

Hide file tree

Showing 6 changed files with 5 additions and 5 deletions.
diff --git a/image/base/mkosi.conf b/image/base/mkosi.conf
@@ -41,7 +41,6 @@ Packages=containerd
 # Network
 Packages=iproute
          dbus
-         openssh
          openssh-server
          systemd-networkd
          systemd-resolved

diff --git a/image/base/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset b/image/base/mkosi.skeleton/usr/lib/systemd/system-preset/30-constellation.preset
@@ -10,3 +10,4 @@ enable measurements.service
 enable export_constellation_debug.service
 enable systemd-timesyncd
 enable udev-trigger.service
+enable create-host-ssh-key.service
diff --git a/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service b/image/base/mkosi.skeleton/usr/lib/systemd/system/create-host-ssh-key.service
@@ -1,10 +1,10 @@
 [Unit]
 Description=Create a host SSH key
-Before=network-pre.target
+Before=sshd.service
 
 [Service]
 Type=oneshot
 ExecStart=/bin/bash -c "ssh-keygen -t ecdsa -q -N '' -f /run/ssh_host_ecdsa_key"
 
 [Install]
-WantedBy=network-pre.target
+WantedBy=multi-user.target
diff --git a/image/mirror/packages.txt b/image/mirror/packages.txt
@@ -19,7 +19,6 @@ mokutil
 nano
 nano-default-editor
 nvme-cli
-openssh
 openssh-server
 passt-selinux
 passwd

diff --git a/image/sysroot-tree/etc/ssh/ssh_config b/image/sysroot-tree/etc/ssh/ssh_config
diff --git a/image/sysroot-tree/etc/ssh/sshd_config b/image/sysroot-tree/etc/ssh/sshd_config
@@ -1 +1,3 @@
 HostKey /run/ssh_host_ecdsa_key
+TrustedUserCAKeys /run/ssh_ca.pub
+PasswordAuthentication no