Can custom kernel override UDM SSH Host Public Key?

[ghost]

I don't know about UDM Pro, but UDM basic SSH host public key stays the same, even after full factory reset. Normally, Linux network devices re-generate public host keys after a full factory reset or at least let users create their own host keys for "/etc/ssh/ssh_host_rsa_key" and "/etc/ssh/ssh_host_rsa_key.pub" (or whichever encryption format) , but not UDM basic. I think Ubiquiti hardcodes public SSH host key into each UDM unit.

I already use persistent SSH authorized_keys script, but I'd like to override UDM's host keys as well. Can UDM Kernel Tools help with them? I can't even find where UDM stores its host keys. Creating "/etc/ssh/ssh_host_rsa_key" and "/etc/ssh/ssh_host_rsa_key.pub" in root shell or UniFi-OS shell directories doesn't override host keys either. UDM basic also doesn't re-generate "/etc/random_seed" file after a reboot. It is supposed to do that to aid encryption entropy.

[fabianishere]

UniFi uses Dropbear as SSH server, so you should look at the /etc/dropbear directory instead.

[ghost]

Yes! Thank you. I checked files in that directory and they contained:

1. Empty "authorized_keys" file
2. Private RSA host key
3. Private DSA host key

Private RSA and DSA host keys were encrypted, not in plaintext format. Rebooting after deleting those files from that directory and from "/root/run" directory re-generated identical RSA and DSA private host files. Replacing those files with self-generated keys didn't have an effect on UDM host public key. Changing SSH password witin UDM GUI didn't update dropbear RSA and DSA private keys. They remained static (just like public host key) no matter what I tried.

[fabianishere]

Changes to the root filesystem are not persistent, so once you reboot, you’ll lose all changes.

If you update the host keys, you should probably restart the SSH server before it will work.

[ghost]

Changes to root filesystem are not persistent, but host public key stays persistent, even after factory wipe. I can generate new public host key using dropbearkey command, but restating dropbear service afterwards cuts off SSH access until reboot. After reboot, UDM restores its persistent public host key. If you do manage to change UDM public host key, please let me know!

[ghost]

Just FYI restarting /etc/init.d/dropbear service simply deletes any custom host keys in /etc/dropbear directory and restores stock/default host keys that stay persistent even after factory reset. Keys that are not persistent (unless modified during boot by a script) are the ones in /root/.ssh/authorized_keys and in /mnt/data/ssh, but dropbear host keys are 100% persistent. I hope someone finds a way around this limitation.