nixos/ec2-data: skip unrecognized keys in print-host-keys

The recent move to strip out DSS support from the openssh package means that older key formats cause the key-printing command to fail. Rather than causing the entire unit to fail, we should instead skip those keys - while still letting the error through to the console - and continue to print other keys the loop may find.
2024-06-24 16:08:59 -06:00
parent 3788993dc9
commit 404fb5ab9c
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/virtualisation/ec2-data.nix
+++ b/nixos/modules/virtualisation/ec2-data.nix
@@ -80,7 +80,7 @@ with lib;
            # ec2-get-console-output.
            echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
            for i in /etc/ssh/ssh_host_*_key.pub; do
-                ${config.programs.ssh.package}/bin/ssh-keygen -l -f $i > /dev/console
+                ${config.programs.ssh.package}/bin/ssh-keygen -l -f $i || true > /dev/console
            done
            echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
          '';