nixos/ssh: remove empty host key files before generating new ones

In a previous PR [1], the conditional to generate a new host key file was changed to also include the case when the file exists, but has zero size. This could occur when the system is uncleanly powered off shortly after first boot. However, ssh-keygen prompts the user before overwriting a file. For example: $ touch hi $ ssh-keygen -f hi Generating public/private rsa key pair. hi already exists. Overwrite (y/n)? So, lets just try to remove the empty file (if it exists) before running ssh-keygen. [1] https://github.com/NixOS/nixpkgs/pull/141258
author: Daniel Fullmer <danielrf12@gmail.com> 2022-05-03 17:58:19 -0700
committer: Daniel Fullmer <danielrf12@gmail.com> 2022-05-03 22:09:43 -0700
commit: ad38a2a6464394697f0672717f39c1b6188c1a89 (patch)
tree: a44a32fcbfb41940a0b35d4875e4f0b2eed0fce3 /nixos
parent: 80703515158aff79661646cedeec98f787b161b1 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 230ab673a9761..d467c3c0471cf 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -441,6 +441,7 @@ in
 
                 ${flip concatMapStrings cfg.hostKeys (k: ''
                   if ! [ -s "${k.path}" ]; then
+                      rm -f "${k.path}"
                       ssh-keygen \
                         -t "${k.type}" \
                         ${if k ? bits then "-b ${toString k.bits}" else ""} \
author	Daniel Fullmer <danielrf12@gmail.com>	2022-05-03 17:58:19 -0700
committer	Daniel Fullmer <danielrf12@gmail.com>	2022-05-03 22:09:43 -0700
commit	ad38a2a6464394697f0672717f39c1b6188c1a89 (patch)
tree	a44a32fcbfb41940a0b35d4875e4f0b2eed0fce3 /nixos
parent	80703515158aff79661646cedeec98f787b161b1 (diff)