From 200ff0abf534d604944ce9a3dad6dbb9cd0a0af2 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sun, 7 Aug 2022 15:28:39 +0300
Subject: fix: allow ed25519 for certificates, otherwise certs don't work

Sponsored-by: author
---
 configure-installer | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/configure-installer b/configure-installer
index 7596c28..e52aa19 100755
--- a/configure-installer
+++ b/configure-installer
@@ -1,6 +1,7 @@
 #!/usr/bin/python3
 
 import argparse
+import glob
 import os
 import subprocess
 import tempfile
@@ -86,11 +87,15 @@ def host_id(config, mp):
     host_key = "/etc/ssh/ssh_host_key"
     host_cert = "/etc/ssh/ssh_host_key-cert.pub"
 
+    # Remove all existing host keys.
+    for filename in glob.glob(f"{mp}/etc/ssh/ssh_host_*_key*"):
+        os.remove(filename)
+
     # Note that the order of HostKey and HostCertificate lines matter.
     write(
         f"{mp}{config_d}/id.conf",
         f"""
-HostKeyAlgorithms ssh-ed25519
+HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com
 HostKey {host_key}
 HostCertificate {host_cert}
 """,
-- 
cgit v1.2.1