#!/bin/bash -e
# generate new SSH keys
# note: ssh daemon needs to be restarted for changes to take effect

[ -n "$_TURNKEY_INIT" ] && exit 0

echo "Stopping SSH service to regenerate new keys"
systemctl stop ssh.service

tmp_dir=/etc/ssh/tmp_keys
rm -rf $tmp_dir # just in case it already contains keys
mkdir -p $tmp_dir
keys="rsa ecdsa ed25519"
for key in $keys; do
   file=$tmp_dir/ssh_host_${key}_key
   echo "Generating new SSH2 ${key^^} key; this may take a while..."
   ssh-keygen -q -f "${file}" -N '' -t ${key}
done

echo "Moving keys into place"
mv ${tmp_dir}/*{key,key.pub} /etc/ssh/
rm -rf $tmp_dir

echo "Restarting SSH service"
systemctl start ssh.service

exit 0
