SSH host key support? #2

Open
ghost opened this issue Jun 13, 2017 · 4 comments

Comments

@ghost

ghost commented Jun 13, 2017

This is quite neat, something I've wanted to see for a while.

Do you think it'd be possible to make this work for host key files so that you can predict the fingerprint of a host you've just created? I suppose you could also generate host keys client side and export them in the install script, but I wonder if there's a somewhat cleaner way to do it.

@mithrandi
Owner

I couldn't quite think of a way to make this useful, but maybe I misunderstood what you are asking for. We have either of:

  1. Keep the seed on the provisioning host only, generate the private key, and copy it over to the host. But this is basically the same as generating a random keypair and copying that over.
  2. Copy the seed over to the host; then the host can impersonate any other host by generating their private key.

@blackknight36

@teran-mckinney An ssh host key is no different than any other signing key. I've ported this script to Python and added support for generating RSA and ECDSA keys. Source is available at https://github.com/blackknight36/ssh-static-key-generator/blob/master/ssh_static_keygen.py.

This works well in our environment as we are often creating and destroying VMs and it is useful to be able to build a server with a host key that is already known.
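The trade-off discussed in this thread, as an added example that is not part of any comment and is not code from either project: the provisioning side keeps one master seed, derives a separate Ed25519 seed per hostname, and computes the fingerprint a client should expect before the VM exists. The HMAC-based `host_seed` derivation, the `ssh-host-key:` label and the hostnames are assumptions made for illustration; because anyone holding the master seed can derive every host's key, it stays on the provisioning host and only the per-host private key is copied out.

```python
import base64, hashlib, hmac, struct

P = 2**255 - 19                           # Ed25519 field prime
D = -121665 * pow(121666, P - 2, P) % P   # curve constant d

def _inv(x):
    return pow(x, P - 2, P)

def _add(a, b):
    # Affine twisted-Edwards addition; also valid for doubling and the identity (0, 1).
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * _inv((1 + t) % P) % P,
            (y1 * y2 + x1 * x2) * _inv((1 - t) % P) % P)

def _base_point():
    # Base point has y = 4/5; recover the even x coordinate.
    y = 4 * _inv(5) % P
    xx = (y * y - 1) * _inv(D * y * y + 1) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (P - x if x & 1 else x, y)

def ed25519_public(seed):
    """RFC 8032 public key for a 32-byte private seed."""
    h = hashlib.sha512(seed).digest()
    k = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    q, pt = (0, 1), _base_point()
    while k:                              # double-and-add scalar multiplication
        if k & 1:
            q = _add(q, pt)
        pt, k = _add(pt, pt), k >> 1
    return (q[1] | ((q[0] & 1) << 255)).to_bytes(32, "little")

def host_seed(master_seed, hostname):
    # Assumed derivation (not the project's): HMAC-SHA256 keyed with the master seed.
    return hmac.new(master_seed, b"ssh-host-key:" + hostname.encode(), hashlib.sha256).digest()

def fingerprint(pub):
    """OpenSSH-style SHA256 fingerprint of an ssh-ed25519 public key."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (b"ssh-ed25519", pub))
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).rstrip(b"=").decode()

if __name__ == "__main__":
    master = bytes(32)  # constructed sample seed; a real one must be random and secret
    for name in ("web1.example.test", "db1.example.test"):
        print(name, fingerprint(ed25519_public(host_seed(master, name))))
```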

@ghost
Author

ghost commented Sep 10, 2019

@blackknight36 thank you!

@blackknight36

@teran-mckinney You're welcome. While you could just run ssh-keygen and store the key files for later use, I thought it would be nice to be able to generate keys based on a predefined seed.
