22nd March 2013
jggimi

I have never seen a problem like this one.

On first boot after install, or on any subsequent boot after deleting host keys, the rc(8) subsystem will automatically create keys.

Perhaps you manually halted the process with CTRL-C? Or perhaps /etc is mounted read-only? Your first /var/log/messages might show the error produced from the automatic ssh-keygen step.

Here is the make_keys() routine from /etc/rc at 5.2-release:
Code:
make_keys()
{
    if [ X"${named_flags}" != X"NO" ]; then
        if ! cmp -s /etc/rndc.key /var/named/etc/rndc.key ; then
            echo -n "rndc-confgen: generating shared secret... "
            if rndc-confgen -a -t /var/named >/dev/null 2>&1; then
                chmod 0640 /var/named/etc/rndc.key \
                    >/dev/null 2>&1
                echo done.
            else
                echo failed.
            fi
        fi
    fi

    if [ ! -f /etc/isakmpd/private/local.key ]; then
        echo -n "openssl: generating isakmpd/iked RSA key... "
        if openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
            >/dev/null 2>&1; then
            chmod 600 /etc/isakmpd/private/local.key
            openssl rsa -out /etc/isakmpd/local.pub -in \
                /etc/isakmpd/private/local.key -pubout \
                >/dev/null 2>&1
            echo done.
        else
            echo failed.
        fi
    fi

    if [ ! -f /etc/iked/private/local.key ]; then
        # Just copy the generated isakmpd key
        cp /etc/isakmpd/private/local.key /etc/iked/private/local.key
        chmod 600 /etc/iked/private/local.key
        cp /etc/isakmpd/local.pub /etc/iked/local.pub
    fi

    ssh-keygen -A
}

Last edited by jggimi; 22nd March 2013 at 05:16 PM. Reason: clarity
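An added diagnostic example, not part of the post above and not OpenBSD's own code: it checks the conditions the post mentions (writable /etc, and the private keys make_keys() is expected to leave behind, each mode 0600). The function name check_boot_keys and its ROOT prefix argument are hypothetical, and the /etc/ssh/ssh_host_*key glob for the files written by ssh-keygen -A is an assumption.

```shell
#!/bin/sh
# check_boot_keys [ROOT]
# Reports whether the key files created by make_keys() are present and private.
# ROOT (hypothetical parameter) is a path prefix, so the check can be pointed at
# a mounted disk image or a constructed test tree; empty means the live system.
# Returns the number of problems found (0 = everything in place).
check_boot_keys() {
    root=${1:-}
    problems=0

    # A read-only /etc would stop every key-generation step in make_keys().
    if [ ! -w "$root/etc" ]; then
        echo "PROBLEM: $root/etc is not writable"
        problems=$((problems + 1))
    fi

    # Keys generated by openssl genrsa, or copied from the isakmpd key.
    set -- "$root/etc/isakmpd/private/local.key" \
           "$root/etc/iked/private/local.key"

    # Host keys from "ssh-keygen -A" (glob is an assumption, see lead-in).
    found_ssh=0
    for f in "$root"/etc/ssh/ssh_host_*key; do
        [ -e "$f" ] || continue
        found_ssh=1
        set -- "$@" "$f"
    done
    if [ "$found_ssh" -eq 0 ]; then
        echo "PROBLEM: no SSH host keys under $root/etc/ssh"
        problems=$((problems + 1))
    fi

    for f in "$@"; do
        if [ ! -s "$f" ]; then
            echo "PROBLEM: missing or empty: $f"
            problems=$((problems + 1))
        elif [ -z "$(find "$f" -prune -perm 0600)" ]; then
            # make_keys() applies chmod 600 to the private keys it writes.
            echo "PROBLEM: mode is not 0600: $f"
            problems=$((problems + 1))
        else
            echo "ok: $f"
        fi
    done
    return "$problems"
}
```

Run `check_boot_keys` with no argument as root on the affected machine; a non-zero exit status is the count of findings printed.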