systemd: sshd: Disable ssh-keygen

The default _sshd.service_ unit runs `ssh-keygen -A` in `ExecStartPre`, to ensure host keys exist before starting the SSH daemon. Unfortunately, this tool does _not_ respect the `HostKey` settings in `sshd_config`, and unconditionally tries to create the key files in `/etc/ssh`. Since this directory is not writable, the command fails, preventing the SSH daemon from starting.
build-rootfs: Relocate misplaced PAM libs
2025-01-02 12:57:31 -06:00 · 2025-01-02 12:57:14 -06:00
2 changed files with 7 additions and 0 deletions
--- a/build-rootfs.sh
+++ b/build-rootfs.sh
@@ -89,6 +89,11 @@ qemu-${target%%-*} \
    -r /mnt/gentoo \
    -f /mnt/gentoo/etc/ld.so.conf

+if [ -d /mnt/gentoo/lib64/security ]; then
+    find /mnt/gentoo/lib64/security -name 'pam_*.so' \
+        -exec mv -t /mnt/gentoo/lib/security {} +
+fi
+
 rm -f /mnt/gentoo/lib/tmpfiles.d/provision.conf
 systemd-tmpfiles --root=/mnt/gentoo -E --exclude-prefix=/var --create

--- a/overlay/usr/lib/systemd/sshd.service.d/no-keygen.conf
+++ b/overlay/usr/lib/systemd/sshd.service.d/no-keygen.conf
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=