get fresh ssh keys on boot

ubuntu/helpers/build.sh

@@ -50,6 +50,11 @@ cp makedev /etc/apt/preferences.d/makedev
 cp locale.conf /etc/locale.conf
 cp locale /etc/default/locale
 
+# make sure we get fresh ssh keys on first boot
+/bin/rm -f -v /etc/ssh/ssh_host_*_key*
+cp regenerate_ssh_host_keys.service /etc/systemd/system
+systemctl daemon-reload
+systemctl enable regenerate_ssh_host_keys
 # Remove the divert that disables services
 rm -f /sbin/initctl
 dpkg-divert --local --rename --remove /sbin/initctl

ubuntu/helpers/regenerate_ssh_host_keys.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Regenerate SSH host keys
+Before=ssh.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/ssh-keygen -A -v
+ExecStartPost=/bin/systemctl disable regenerate_ssh_host_keys
+
+[Install]
+WantedBy=multi-user.target