Commit 404fb5ab authored by Tyler Langlois

nixos/ec2-data: skip unrecognized keys in print-host-keys

The recent move to strip out DSS support from the openssh package
means that older key formats cause the key-printing command to
fail. Rather than causing the entire unit to fail, we should instead
skip those keys - while still letting the error through to the
console - and continue to print other keys the loop may find.
parent 3788993d
+1 −1
@@ -80,7 +80,7 @@ with lib;
            # ec2-get-console-output.
            echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
            for i in /etc/ssh/ssh_host_*_key.pub; do
                ${config.programs.ssh.package}/bin/ssh-keygen -l -f $i > /dev/console
                ${config.programs.ssh.package}/bin/ssh-keygen -l -f $i || true > /dev/console
            done
            echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
          '';
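
Review bot: on the changed `ssh-keygen` line, `|| true > /dev/console` binds the redirection to `true`, not to `ssh-keygen`, because the shell parses `a || b > f` as `a || (b > f)`. With this change the fingerprints for valid keys are no longer written to /dev/console, so nothing appears between the BEGIN/END markers that the comment above says are read back with ec2-get-console-output. Put the redirection before the fallback, e.g. `${config.programs.ssh.package}/bin/ssh-keygen -l -f "$i" > /dev/console || true`, which keeps the output on the console and still lets the loop continue past an unrecognized key. Quoting `$i` while touching this line would also be worthwhile.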