From a3980a3f9182f014b6bcc1f026ef9ed007c39c97 Mon Sep 17 00:00:00 2001
From: Anders Ingemann
Date: Fri, 5 Jul 2013 00:04:45 +0200
Subject: [PATCH] Shred ECDSA keys when bootstrapping, regenerate at 1st boot
---
 init.d/{ => squeeze}/generate-ssh-hostkeys | 0
 init.d/wheezy/generate-ssh-hostkeys | 36 ++++++++++++++++++++++
 tasks/60-cleanup | 7 -----
 tasks/squeeze/50-add-init-scripts | 3 ++
 tasks/squeeze/62-delete-host-keys | 7 +++++
 tasks/{ => wheezy}/50-add-init-scripts | 2 +-
 tasks/wheezy/62-delete-host-keys | 9 ++++++
 7 files changed, 56 insertions(+), 8 deletions(-)
 rename init.d/{ => squeeze}/generate-ssh-hostkeys (100%)
 create mode 100644 init.d/wheezy/generate-ssh-hostkeys
 create mode 100644 tasks/squeeze/50-add-init-scripts
 create mode 100644 tasks/squeeze/62-delete-host-keys
 rename tasks/{ => wheezy}/50-add-init-scripts (51%)
 create mode 100644 tasks/wheezy/62-delete-host-keys
diff --git a/init.d/generate-ssh-hostkeys b/init.d/squeeze/generate-ssh-hostkeys
similarity index 100%
rename from init.d/generate-ssh-hostkeys
rename to init.d/squeeze/generate-ssh-hostkeys
diff --git a/init.d/wheezy/generate-ssh-hostkeys b/init.d/wheezy/generate-ssh-hostkeys
new file mode 100644
index 0000000..c9efb12
--- /dev/null
+++ b/init.d/wheezy/generate-ssh-hostkeys
@@ -0,0 +1,36 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: generate-ssh-hostkeys
+# Required-Start: $local_fs
+# Required-Stop:
+# Should-Start:
+# Should-Stop:
+# Default-Start: S
+# Default-Stop:
+# Description: Generate ssh host keys if they do not exist
+### END INIT INFO
+
+prog=$(basename $0)
+logger="logger -t $prog"
+
+rsa_key="/etc/ssh/ssh_host_rsa_key"
+dsa_key="/etc/ssh/ssh_host_dsa_key"
+ecdsa_key="/etc/ssh/ssh_host_ecdsa_key"
+
+# Exit if the hostkeys already exist
+if [ -f $rsa_key -a -f $dsa_key -a -f $ecdsa_key ]; then
+ exit
+fi
+
+# Generate the ssh host keys
+[ -f $rsa_key ] || ssh-keygen -f $rsa_key -t rsa -C 'host' -N ''
+[ -f $dsa_key ] || ssh-keygen -f $dsa_key -t dsa -C 'host' -N ''
+[ -f $ecdsa_key ] || ssh-keygen -f $ecdsa_key -t ecdsa -C 'host' -N ''
+
+# Output the public keys to the console
+# This allows user to get host keys securely through console log
+echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" | $logger
+ssh-keygen -l -f $rsa_key.pub | $logger
+ssh-keygen -l -f $dsa_key.pub | $logger
+ssh-keygen -l -f $ecdsa_key.pub | $logger
+echo "------END SSH HOST KEY FINGERPRINTS------" | $logger
diff --git a/tasks/60-cleanup b/tasks/60-cleanup
index 429127b..5782b8d 100644
--- a/tasks/60-cleanup
+++ b/tasks/60-cleanup
@@ -1,13 +1,6 @@
 #!/bin/bash
 # Clean up the image
 
-# Remove the ssh host keys, they need to be shredded
-shred --remove \
- $imagedir/etc/ssh/ssh_host_dsa_key \
- $imagedir/etc/ssh/ssh_host_dsa_key.pub \
- $imagedir/etc/ssh/ssh_host_rsa_key \
- $imagedir/etc/ssh/ssh_host_rsa_key.pub
-
 # We do the same to the bash history, there shouldn't be anything sensitive in there,
 # it's just in case plugins need to execute commands that have credentials in their parameters.
 # In fact: The standard bootstrapping process does not even create it.
diff --git a/tasks/squeeze/50-add-init-scripts b/tasks/squeeze/50-add-init-scripts
new file mode 100644
index 0000000..543eea9
--- /dev/null
+++ b/tasks/squeeze/50-add-init-scripts
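Review bot: The fingerprint block at the end of init.d/wheezy/generate-ssh-hostkeys sends everything through `logger -t $prog`, yet the LSB header requires only `$local_fs` and starts in runlevel S, so the syslog daemon is probably not running yet and the fingerprints may never reach the console log that the comment relies on for verifying the host on first connect. I would make the output independent of syslog, for example `logger="logger -s -t $prog"` so each line also goes to stderr, and list `$syslog` under `Should-Start`. The three generating `ssh-keygen` calls are unchecked as well: if one fails the script carries on and the matching `ssh-keygen -l` line simply logs nothing, so an explicit `|| echo "failed to generate $rsa_key" | $logger` per key type would make that visible. The whole file is new in this hunk.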
@@ -0,0 +1,3 @@
+#!/bin/bash
+# Add standard startup scripts to the init_scripts list
+init_scripts+=("$scriptdir/init.d/squeeze/generate-ssh-hostkeys")
diff --git a/tasks/squeeze/62-delete-host-keys b/tasks/squeeze/62-delete-host-keys
new file mode 100644
index 0000000..e9897f7
--- /dev/null
+++ b/tasks/squeeze/62-delete-host-keys
@@ -0,0 +1,7 @@
+#!/bin/bash
+# Remove the ssh host keys, they need to be shredded
+shred --remove \
+ $imagedir/etc/ssh/ssh_host_dsa_key \
+ $imagedir/etc/ssh/ssh_host_dsa_key.pub \
+ $imagedir/etc/ssh/ssh_host_rsa_key \
+ $imagedir/etc/ssh/ssh_host_rsa_key.pub
diff --git a/tasks/50-add-init-scripts b/tasks/wheezy/50-add-init-scripts
similarity index 51%
rename from tasks/50-add-init-scripts
rename to tasks/wheezy/50-add-init-scripts
index a1cb2d0..3770873 100644
--- a/tasks/50-add-init-scripts
+++ b/tasks/wheezy/50-add-init-scripts
@@ -1,3 +1,3 @@
 #!/bin/bash
 # Add standard startup scripts to the init_scripts list
-init_scripts+=("$scriptdir/init.d/generate-ssh-hostkeys")
+init_scripts+=("$scriptdir/init.d/wheezy/generate-ssh-hostkeys")
diff --git a/tasks/wheezy/62-delete-host-keys b/tasks/wheezy/62-delete-host-keys
new file mode 100644
index 0000000..235d32c
--- /dev/null
+++ b/tasks/wheezy/62-delete-host-keys
@@ -0,0 +1,9 @@
+#!/bin/bash
+# Remove the ssh host keys, they need to be shredded
+shred --remove \
+ $imagedir/etc/ssh/ssh_host_dsa_key \
+ $imagedir/etc/ssh/ssh_host_dsa_key.pub \
+ $imagedir/etc/ssh/ssh_host_rsa_key \
+ $imagedir/etc/ssh/ssh_host_rsa_key.pub \
+ $imagedir/etc/ssh/ssh_host_ecdsa_key \
+ $imagedir/etc/ssh/ssh_host_ecdsa_key.pub
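Review bot: The `shred --remove` list in tasks/squeeze/62-delete-host-keys and again in tasks/wheezy/62-delete-host-keys names each key type by hand, which is how the ECDSA key came to be left in the image before this commit; any further type the sshd package generates at install time would again ship in every image as a shared private host key. Matching on the file name pattern covers both release variants and quotes `$imagedir` at the same time: `shred --remove "$imagedir"/etc/ssh/ssh_host_*_key "$imagedir"/etc/ssh/ssh_host_*_key.pub`. Whether a failing `shred` (for example on a missing file) stops the build depends on how the task runner executes these files, which is not visible in this patch; if it does not, a follow-up check that no `ssh_host_*` file is left under `$imagedir/etc/ssh` would catch a silently skipped cleanup.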