Pregenerate host keys, use the user's public keys in authorized_keys.

Change-Id: I5bba372a63524c4afea2f79b2d4429f492ca3adf
diff --git a/fuchsia/developer-keys/BUILD.gn b/fuchsia/developer-keys/BUILD.gn
new file mode 100644
index 0000000..421a8a1
--- /dev/null
+++ b/fuchsia/developer-keys/BUILD.gn
@@ -0,0 +1,20 @@
+# Copyright 2017 The Fuchsia Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+action("developer-keys") {
+  script = "developer-keys.py"
+  dir = "${root_build_dir}/ssh-keys"
+  args = [ rebase_path(dir) ]
+  outputs = [
+    "${dir}/authorized_keys",
+    "${dir}/ssh_host_dsa_key",
+    "${dir}/ssh_host_dsa_key.pub",
+    "${dir}/ssh_host_ecdsa_key",
+    "${dir}/ssh_host_ecdsa_key.pub",
+    "${dir}/ssh_host_ed25519_key",
+    "${dir}/ssh_host_ed25519_key.pub",
+    "${dir}/ssh_host_rsa_key",
+    "${dir}/ssh_host_rsa_key.pub",
+  ]
+}
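Review bot: The `outputs` list declares `ssh_host_dsa_key` and `ssh_host_dsa_key.pub`, matching `'dsa'` in `key_types` in developer-keys.py, so every build pregenerates a DSA host key. ssh-keygen only produces 1024-bit DSA keys, and OpenSSH has disabled ssh-dss by default for years. On a host whose ssh-keygen no longer supports DSA, the `check_call` in the script would presumably fail the whole action. I would remove those two entries here and change the script to `key_types = ('ecdsa', 'ed25519', 'rsa')`. Whether sshd_config carries a HostKey line for the DSA key cannot be seen from this diff and should be checked alongside.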
diff --git a/fuchsia/developer-keys/developer-keys.py b/fuchsia/developer-keys/developer-keys.py
new file mode 100755
index 0000000..de62198
--- /dev/null
+++ b/fuchsia/developer-keys/developer-keys.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+
+import os
+import shutil
+import subprocess
+import sys
+
+key_types = ('dsa', 'ecdsa', 'ed25519', 'rsa')
+
+def main(output_dir):
+  # make sure the output directory exists
+  if not os.path.exists(output_dir):
+    os.makedirs(output_dir)
+
+  for key_type in key_types:
+    key_file = os.path.join(output_dir, 'ssh_host_%s_key' % key_type)
+    if not os.path.exists(key_file):
+      # generate new host key
+      subprocess.check_call(['ssh-keygen', '-q', '-t', key_type, '-f', key_file, '-N', '', '-C', ''])
+
+  authorized_keys = os.path.join(output_dir, 'authorized_keys')
+  if not os.path.exists(authorized_keys):
+    # pick the most recent ~/.ssh/*.pub that isn't ~/.ssh/*-cert.pub
+    # this is what ssh-copy-id does
+    dot_ssh = os.path.join(os.environ['HOME'], '.ssh')
+    files = [os.path.join(dot_ssh, f) for f in os.listdir(dot_ssh) if f.endswith('.pub') and not f.endswith('-cert.pub')]
+    if len(files) == 0:
+      raise Exception('No SSH public keys found in ~/.ssh')
+    if len(files) > 1:
+      files.sort(key=lambda f: os.path.getmtime(f))
+    shutil.copyfile(files[-1], os.path.join(authorized_keys))
+
+
+if __name__ == '__main__':
+  assert len(sys.argv) == 2
+  main(sys.argv[1])
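Review bot: The authorized_keys branch copies whichever `~/.ssh/*.pub` has the newest mtime without reporting which file it chose. Because of the `os.path.exists(authorized_keys)` guard that choice is never refreshed, so a key the developer later rotates or deletes stays authorized until the file is removed from the build directory. This file presumably ends up as the single `AuthorizedKeysFile` set in sshd_config by this commit, so I would log the selection, e.g. `print('authorizing %s' % files[-1])`. I would also add a comment above the guard such as `# never refreshed: delete <output_dir>/authorized_keys after rotating your key`. Separately, `os.listdir(dot_ssh)` raises OSError when `~/.ssh` does not exist, before the intended 'No SSH public keys found' exception is reached; an `os.path.isdir(dot_ssh)` check ahead of it would keep the error consistent.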
diff --git a/fuchsia/sshd_config b/fuchsia/sshd_config
index 5bf9825..e643420 100644
--- a/fuchsia/sshd_config
+++ b/fuchsia/sshd_config
@@ -39,7 +39,7 @@
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile	.ssh/authorized_keys
+AuthorizedKeysFile	/system/data/ssh/authorized_keys
 
 #AuthorizedPrincipalsFile none