DO Ideas 2

Generate SSH Host Keys for new droplet

Currently, when create new droplets using the same Standart OS Image (e.g. Ubuntu 12.04 x64 Server), we get the nodes with the same (predefined in image) ssh host keys. Different IPs, but exactly equivalent Host Keys. But each node should have unique ssh host keys for security reasons and verification's purpose.

Suggest a generate SSH Host Keys for all new droplet on create or rebuild (from custom snapshots too) via executing (for Ubuntu): ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key (and similar for other OS).

  • Vitaliy Shopov
  • Sep 11 2018
  • Shipped
  • Attach files
  • Moisey Uretsky commented
    September 11, 2018 19:06

    Last three images updated so it should be all good now.

    Thanks!

  • Trevor Bergeron commented
    September 11, 2018 19:06

    Double-plus ungood, unbreak now, that's terrible for security!
    Also, the new host key should ideally be available on the control panel and/or via signed email to the user.

  • Vitaliy Shopov commented
    September 11, 2018 19:06

    Thanks too for quick reaction!

  • Moisey Uretsky commented
    September 11, 2018 19:06

    Hi Vitaly,

    Thanks for the update will look into this immediately.

    Thanks!