Fix failing systemd ssh.service

SSH needs host keys which previously were generated by
ssh-keygen.service. But the generation of the host keys is not a
"service" and must only be done when no host keys exist.

Also ssh-bootoption.service was aliased with sshd.service which itself
depends on the kernel option "ssh" which prevents starting of ssh. So I
removed the alias entry.

diff --git a/etc/grml/fai/config/files/etc/systemd/system/ssh-bootoption.service/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/ssh-bootoption.service/GRMLBASE
index fafa20f..175fa9c 100644 (file)
--- a/etc/grml/fai/config/files/etc/systemd/system/ssh-bootoption.service/GRMLBASE
+++ b/etc/grml/fai/config/files/etc/systemd/system/ssh-bootoption.service/GRMLBASE
@@ -4,7 +4,7 @@
 
 [Unit]
 Description=OpenBSD Secure Shell server
-After=ssh-keygen network.target auditd.service
+After=network.target auditd.service
 ConditionKernelCommandLine=ssh
 ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
 
@@ -17,4 +17,3 @@ Restart=on-failure
 
 [Install]
 WantedBy=multi-user.target
-Alias=sshd.service

diff --git a/etc/grml/fai/config/files/etc/systemd/system/ssh-keygen.service/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/ssh-keygen.service/GRMLBASE
deleted file mode 100644 (file)
index b39cb47..0000000
--- a/etc/grml/fai/config/files/etc/systemd/system/ssh-keygen.service/GRMLBASE
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file was deployed via grml-live's
-# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/15-initsetup, using
-# ${GRML_FAI_CONFIG}/config/files/etc/systemd/system/ssh-keygen.service/GRMLBASE
-
-[Unit]
-Description=SSH keygen
-Before=ssh.service
-
-[Service]
-ExecStart=/usr/bin/ssh-keygen -t rsa     -f /etc/ssh/ssh_host_rsa_key     -C '' -N ''
-ExecStart=/usr/bin/ssh-keygen -t dsa     -f /etc/ssh/ssh_host_dsa_key     -C '' -N ''
-ExecStart=/usr/bin/ssh-keygen -t ecdsa   -f /etc/ssh/ssh_host_ecdsa_key   -C '' -N ''
-ExecStart=/usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -C '' -N ''
-Type=oneshot

diff --git a/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE
new file mode 100644 (file)
index 0000000..1345898
--- /dev/null
+++ b/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE
@@ -0,0 +1,24 @@
+# This file was deployed via grml-live's
+# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/15-initsetup, using
+# ${GRML_FAI_CONFIG}/config/files/etc/systemd/system/ssh.service/GRMLBASE
+
+[Unit]
+Description=OpenBSD Secure Shell server
+After=network.target auditd.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=-/bin/sh -c "[ ! -f /etc/ssh/ssh_host_rsa_key ]      && /usr/bin/ssh-keygen -t rsa     -f /etc/ssh/ssh_host_rsa_key     -C '' -N ''"
+ExecStartPre=-/bin/sh -c "[ ! -f /etc/ssh/ssh_host_dsa_key ]      && /usr/bin/ssh-keygen -t dsa     -f /etc/ssh/ssh_host_dsa_key     -C '' -N ''"
+ExecStartPre=-/bin/sh -c "[ ! -f /etc/ssh/ssh_host_ecdsa_key ]    && /usr/bin/ssh-keygen -t ecdsa   -f /etc/ssh/ssh_host_ecdsa_key   -C '' -N ''"
+ExecStartPre=-/bin/sh -c "[ ! -f /etc/ssh/ssh_host_ed25519_key ]  && /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -C '' -N ''"
+ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Alias=sshd.service
+