From: George myglc2 Clemmer
Subject: How best to set host key in vm
Date: Tue, 06 Feb 2018 15:58:16 -0500
Message-ID: <86tvut25uf.fsf@gmail.com>
To: help-guix

I want to set the host key in 'guix system vm-image' so that updating a
VM config does not break that VM's host key entry in my client machine
~/.ssh/knownhosts files.

AFAIK there is no direct way to do this. I tried this ...

  (services (cons*
             [...]
             (extra-special-file "/etc/ssh/ssh_host_ed25519_key"
                                 (local-file "ssh_host_ed25519_key"))
             (extra-special-file "/etc/ssh/ssh_host_ed25519_key.pub"
                                 (local-file "ssh_host_ed25519_key.pub"))
             )

... which does work but naturally throws errors ...

  localhost sshd[236]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  localhost sshd[236]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
  localhost sshd[236]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  localhost sshd[236]: error: Permissions 0444 for '/etc/ssh/ssh_host_ed25519_key' are too open.
  localhost sshd[236]: error: It is required that your private key files are NOT accessible by others.
  localhost sshd[236]: error: This private key will be ignored.
  localhost sshd[236]: error: key_load_private: bad permissions
  localhost sshd[236]: error: Could not load host key:/etc/ssh/ssh_host_ed25519_key
  localhost sshd[236]: Accepted publickey for g1 from 192.168.1.14 port 56311 ssh2: RSA SHA256:RAXP4+5SU3UN09NL+QwkQmAsLIoDa8Wq6Bi61DzUScY

When I specified only the public key, new private and public keys were
generated by, I guess, the first boot.

Suggestions?

TIA - George
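
Added example, not part of the original message: a shell audit that reports why a host key path like the one above is rejected. It flags a key that resolves into the store (local-file copies the file into the world-readable store and extra-special-file links to it) and a key whose mode has group/other bits set. Assumptions: GNU or BusyBox `stat -c` and `readlink -f`; the function names and the STORE_PREFIX variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message): audit an sshd host key path.
# Assumption: sshd ignores a private key with any group/other permission bit,
# as the "Permissions 0444 ... are too open" log lines above indicate.

# Default Guix store prefix; overridable so the check can be tested elsewhere.
STORE_PREFIX=${STORE_PREFIX:-/gnu/store}

# host_key_mode_ok PATH: succeed only if the target file has no bits in 077.
host_key_mode_ok() {
    # -L follows symlinks, so a link into the store reports the store file's mode.
    mode=$(stat -L -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_host_key PATH: print "<verdict>:<octal mode>", where verdict is
#   in-store  the key resolves into the world-readable store
#   too-open  group/other bits are set, so sshd will ignore the key
#   ok        the mode is acceptable
audit_host_key() {
    target=$(readlink -f "$1") || return 2
    mode=$(stat -L -c '%a' "$1") || return 2
    case $target in
        "$STORE_PREFIX"/*) echo "in-store:$mode"; return 0 ;;
    esac
    if host_key_mode_ok "$1"; then
        echo "ok:$mode"
    else
        echo "too-open:$mode"
    fi
}

# Audit every path given on the command line (no arguments: nothing to do).
for key in "$@"; do
    audit_host_key "$key"
done
```

An "in-store" verdict means the private key is readable by every user on the system regardless of the sshd error, so a fixed host key should be installed from outside the store with mode 0600.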