nuageinit: complete SSH support with ssh_deletekeys and disable_root

Add missing SSH cloud-config options from cloud-init spec:

- ssh_deletekeys: remove existing SSH host keys on first boot so
  new ones are generated automatically by sshd(8).
  Implemented as delete_ssh_host_keys() in nuage.lua using lfs.dir()
  with a directory existence guard via lfs.attributes().

- disable_root: set PermitRootLogin to 'no' (or a custom value via
  disable_root_opts) in /etc/ssh/sshd_config.

- disable_root_opts: optional string or array to override the
  PermitRootLogin value used when disable_root is true. Only the
  first array element is used.
Baptiste Daroussin
2026-06-04 22:17:03 +02:00
parent ea0932d71a
commit 22c1f5d0ec
3 changed files with 70 additions and 0 deletions
+14
@@ -539,6 +539,19 @@ local function update_sshd_config(key, value)
os.rename(sshd_config .. ".nuageinit", sshd_config)
end
local function delete_ssh_host_keys(root)
local ssh_dir = root .. "/etc/ssh"
local attrs = lfs.attributes(ssh_dir)
if not attrs or attrs.mode ~= "directory" then
return
end
for entry in lfs.dir(ssh_dir) do
if entry:match("^ssh_host_.*key") or entry:match("^ssh_host_.*key%.pub") then
os.remove(ssh_dir .. "/" .. entry)
end
end
end
local function exec_change_password(user, password, type, expire)
local root = os.getenv("NUAGE_FAKE_ROOTDIR")
local cmd = "pw "
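Review bot: The result of `os.remove()` in the loop of `delete_ssh_host_keys()` is discarded, so a key that cannot be deleted (read-only filesystem, permissions) stays in place and the boot continues without any trace; instances cloned from the same image would then keep presenting the same host identity. I would capture and report the failure: `local ok, err = os.remove(ssh_dir .. "/" .. entry)` followed by `if not ok then warnmsg("cannot remove " .. entry .. ": " .. tostring(err)) end`, using whichever warning helper nuage.lua already provides. The second `entry:match(...)` is redundant, because the first pattern is not anchored at the end and already matches the `.pub` names. `root .. "/etc/ssh"` also raises if `root` is nil; the caller is outside this hunk, so confirm it always passes a string.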
@@ -761,6 +774,7 @@ local n = {
addgroup = addgroup,
addsshkey = addsshkey,
update_sshd_config = update_sshd_config,
delete_ssh_host_keys = delete_ssh_host_keys,
chpasswd = chpasswd,
pkg_bootstrap = pkg_bootstrap,
install_package = install_package,