serenity
serenity copied to clipboard
Ports: Generate OpenSSH host keys using a service
In the current state, during OpenSSH installation, the host keys are generated and stored in the disk image.
Since storing fixed keys in the image is not a good security practice in case you need to distribute the image, I think it would be a better approach to generate the keys via a service.
This is what is done in Arch Linux [1], for example.
[1]: https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/blob/9.3p1-2/sshdgenkeys.service