GNU bug report logs - #35460
Self supplied SSH host keys

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Severity: wishlist; Reported by: rendaw <7e9wc56emjakcm@HIDDEN>; dated Sat, 27 Apr 2019 17:46:01 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at submit <at>

To: submit <at>
From: rendaw <7e9wc56emjakcm@HIDDEN>
Subject: Self supplied SSH host keys
Message-ID: <e6456771-5f66-a032-a2e2-826295dd0a7a@HIDDEN>
Date: Sun, 28 Apr 2019 02:45:43 +0900

Package: guix
Version: 0.16.0
Severity: wishlist

In a disk-image the ssh host keys are generated anew every time the
system boots.  This is a significant security issue - the unknown host
warnings will cause notification blindness and users won't recognize if
the host is legitimately compromised.

There's a workaround involving mounting the disk image (losetup -fP &
mount) after building it and adding the files that way, but it requires
a patch to the openssh service activation procedure to re-reset the file
permissions (they're set to 644 or something by an earlier statement).
I can submit my patch if there's interest.

This is a wishlist bug though since it requires a method to add files
with sensitive contents to the system, which I made another ticket for
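
The workaround described in the report, sketched as an added example (not part of the original message and not Guix code): it copies pre-generated host keys into an already mounted image root and checks that no private key is readable by group or other. It assumes the keys belong in `etc/ssh` under OpenSSH's `ssh_host_*_key` names; the function names and arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not Guix code. ROOT is the directory where the image's root
# file system is mounted (the report's losetup -fP and mount step, which needs
# root and is not performed here). SRC holds pre-generated host keys.
# Assumption: keys live in ROOT/etc/ssh under OpenSSH's ssh_host_*_key names.

# install_host_keys SRC ROOT: copy key pairs in, private keys at mode 600.
install_host_keys() {
    src=$1
    dest=$2/etc/ssh
    count=0
    mkdir -p "$dest" || return 1
    for key in "$src"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        name=$(basename "$key")
        # umask 077 keeps the copy from ever being group/world readable.
        ( umask 077 && cp "$key" "$dest/$name" ) || return 1
        chmod 600 "$dest/$name" || return 1
        if [ -f "$key.pub" ]; then
            cp "$key.pub" "$dest/$name.pub" || return 1
            chmod 644 "$dest/$name.pub" || return 1
        fi
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]   # fail if SRC contained no private host key
}

# audit_host_keys ROOT: succeed only if at least one private host key exists
# and none grants any permission to group or other.
audit_host_keys() {
    dest=$1/etc/ssh
    found=0
    bad=0
    for key in "$dest"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        found=1
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$key" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "too permissive: $key ($mode)" >&2
            bad=1
        fi
    done
    [ "$found" -eq 1 ] && [ "$bad" -eq 0 ]
}

if [ "$#" -eq 2 ]; then
    install_host_keys "$1" "$2" && audit_host_keys "$2"
fi
```

The audit only covers the mounted tree; it does not change what the service activation does to the files at boot.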

Acknowledgement sent to rendaw <7e9wc56emjakcm@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#35460; Package guix. Full text available.
Last modified: Mon, 25 Nov 2019 12:00:02 UTC
