nixos/ssh: remove empty host key files before generating new ones

In a previous PR [1], the conditional to generate a new host key file was changed to also include the case when the file exists, but has zero size. This could occur when the system is uncleanly powered off shortly after first boot. However, ssh-keygen prompts the user before overwriting a file. For example: $ touch hi $ ssh-keygen -f hi Generating public/private rsa key pair. hi already exists. Overwrite (y/n)? So, lets just try to remove the empty file (if it exists) before running ssh-keygen. [1] https://github.com/NixOS/nixpkgs/pull/141258
2 years ago · ad38a2a646
parent 8070351515
commit ad38a2a646
1 changed files with 1 additions and 0 deletions
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@ -441,6 +441,7 @@ in

                ${flip concatMapStrings cfg.hostKeys (k: ''
                  if ! [ -s "${k.path}" ]; then
+                      rm -f "${k.path}"
                      ssh-keygen \
                        -t "${k.type}" \
                        ${if k ? bits then "-b ${toString k.bits}" else ""} \