I wrote the following systemd unit, in /etc/systemd/system/regen-ssh-keys.service:
[Unit]
Description=OpenSSH Server Key Generation
# Do not run if keys already exist
ConditionPathExistsGlob=!/etc/ssh/ssh_host_*_key
# This service requires rng-tools to feed the random number generator,
# otherwise we may generate predictable keys without noticing it.
Requires=rng-tools.service
After=rng-tools.service
# sshd needs this service to be run and finished before starting
PartOf=sshd.service sshd.socket
Before=sshd.service sshd.socket
[Install]
# sshd needs this service to be run and finished before starting
WantedBy=sshd.service sshd.socket
[Service]
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/bin/ssh-keygen -A
Type=oneshot
RemainAfterExit=yes
and I enabled it with systemctl enable regen-ssh-keys.
It is not started at boot or when ssh starts, although service regen-ssh-keys status tells me it is loaded and enabled, and “inactive (dead)”.
Also, it is not listed by systemctl -a.
However, when I start it manually with service regen-ssh-keys start, it starts as expected.
Did I do something wrong when writing the unit?
Best Answer
The mistake was simply that I did not use the right names for the SSH service. Replacing
sshd.service sshd.socketbyssh.service ssh.socketfixed the issue.