How are lines removed from a standard (system) systemd unit file? Here are the details:
ls -la /etc/ssh/ssh_host_*key*
This shows I have unused and unwanted host key types. They are not configured in my sshd_config, but I prefer they not exist at all. If I remove them, they get auto-regenerated.
From what I see, /usr/lib/systemd/system/sshd.service includes:
Wants=sshdgenkeys.service
The contents of that are shown below with cat /usr/lib/systemd/system/sshdgenkeys.service:
[Unit]
Description=SSH Key Generation
ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
[Service]
ExecStart=/usr/bin/ssh-keygen -A
Type=oneshot
RemainAfterExit=yes
I know I can override or create a unit file setting using systemctl edit, but how are lines like ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key removed?
What I want to end up with is similar to this:
[Unit]
Description=SSH Key Generation
ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
[Service]
ExecStart=/usr/bin/ssh-keygen -t rsa|ed25519 -a 32
Type=oneshot
RemainAfterExit=yes
I'm not sure that command is correct for ssh-keygen, but that's the general idea. I only want to generate two host key types, not all.
Best Answer
In systemd units, lists can typically be reset in overrides by assigning an empty value. This works for conditions too:
In your override, use this:
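An added example, not the answerer's own override and not a file shipped by the distribution: a drop-in that applies the empty-assignment reset to the sshdgenkeys.service unit quoted in the question. The drop-in path is the one systemctl edit creates by default; the `test -f` wrappers and the per-type ssh-keygen arguments are assumptions of this example.

```ini
# /etc/systemd/system/sshdgenkeys.service.d/override.conf
# Created with: systemctl edit sshdgenkeys.service

[Unit]
# An empty assignment resets the condition list, so every
# ConditionPathExists= line from the packaged unit is dropped.
# Note: this clears ALL Condition*= settings of the unit, not only
# ConditionPathExists=, so anything still wanted must be listed again.
ConditionPathExists=
# Re-add triggering conditions only for the key types to keep.
ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub

[Service]
# ExecStart= is a list as well: without this empty assignment the
# packaged "ssh-keygen -A" would still run and recreate every key type.
ExecStart=
# Type=oneshot allows several ExecStart= lines, run in order.
# Each command skips a key that already exists (assumption: a missing
# private key file is what decides whether to generate), so ssh-keygen
# never stops at an overwrite prompt when only one type is missing.
ExecStart=/bin/sh -c 'test -f /etc/ssh/ssh_host_ed25519_key || /usr/bin/ssh-keygen -q -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key'
ExecStart=/bin/sh -c 'test -f /etc/ssh/ssh_host_rsa_key || /usr/bin/ssh-keygen -q -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key'
```

After saving, systemctl cat sshdgenkeys.service prints the packaged unit followed by this drop-in, which confirms the override was picked up. With it in place, the ssh_host_dsa_key* and ssh_host_ecdsa_key* files can be deleted without this unit recreating them.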