From 70bd757166fb5bbef485d6d409a0498ed7ecdeda Mon Sep 17 00:00:00 2001
From: Dominik Roth
Date: Mon, 18 Aug 2025 01:02:54 +0200
Subject: [PATCH] tinyssh gen host keys

---
 post-install.sh | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/post-install.sh b/post-install.sh
index 8ac2aa5..ec01b9e 100755
--- a/post-install.sh
+++ b/post-install.sh
@@ -106,6 +106,10 @@ dnf install -y \
 tmux neovim python3-pip \
 tree gcc make autoconf automake tar bzip2 || exit 1
 
+# Install tinyssh-keyconvert
+echo "[+] Installing tinyssh-keyconvert..."
+pip3 install git+https://github.com/ansemjo/tinyssh-keyconvert.git || echo "WARNING: tinyssh-keyconvert install failed"
+
 # Build and install tinyssh from source since AlmaLinux doesn't package it
 echo "[+] Installing tinyssh from source..."
 cd /tmp || exit 1
@@ -255,11 +259,18 @@ mkdir -p /etc/tinyssh/sshkeydir
 echo "${SSH_KEY}" > /etc/tinyssh/authorized_keys
 chmod 600 /etc/tinyssh/authorized_keys
 
-# Generate host keys using OpenSSH then convert to tinyssh format
-ssh-keygen -A
-for key in /etc/ssh/ssh_host_*_key; do
- [ -f "$key" ] && tinyssh-keyconvert "$key" /etc/tinyssh/sshkeydir/
-done
+# Generate host keys using tinyssh directly
+/usr/local/bin/tinysshd-makekey /etc/tinyssh/sshkeydir || {
+ echo "WARNING: Failed to generate tinyssh keys, falling back to OpenSSH conversion"
+ ssh-keygen -A
+ if command -v tinyssh-keyconvert >/dev/null 2>&1; then
+ for key in /etc/ssh/ssh_host_*_key; do
+ [ -f "$key" ] && tinyssh-keyconvert "$key" /etc/tinyssh/sshkeydir/
+ done
+ else
+ echo "ERROR: tinyssh-keyconvert not available and tinysshd-makekey failed"
+ fi
+}
 
 # Configure dracut
 cat > /etc/dracut.conf.d/99-tinyssh.conf << 'EOF'
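Review bot: The added `pip3 install git+https://github.com/ansemjo/tinyssh-keyconvert.git` line installs whatever the repository's default branch holds at install time, in a script that appears to run as root, and the installed tool is later handed the OpenSSH host private keys in the second hunk. Pin it to a commit you have reviewed, for example `pip3 install "git+https://github.com/ansemjo/tinyssh-keyconvert.git@<reviewed-commit-sha>"`, so an upstream change or account compromise cannot alter what runs on the host. Since the converter is now only used on the fallback path, it would also be reasonable to install it there on demand, which keeps an unneeded package off machines where `tinysshd-makekey` succeeds. The failure message should go to stderr (`>&2`) so it is not lost in the normal progress output.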
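Review bot: In the second hunk, the header context shows `mkdir -p /etc/tinyssh/sshkeydir` running before the new `/usr/local/bin/tinysshd-makekey /etc/tinyssh/sshkeydir` call, and as far as I know tinysshd-makekey refuses to write into a directory that already exists, so the primary path may fail on every run; creating only the parent (`mkdir -p /etc/tinyssh`) would avoid that, but that line is outside the hunk and should be confirmed. If so, the script always takes the fallback, which copies the system's long-term OpenSSH host private keys into the tinyssh key directory; given the dracut configuration that follows, those copies presumably end up in the initramfs, so this should be a deliberate choice rather than a side effect of a failed first step. The `else` branch only prints an error and lets the script continue to the dracut step with no host keys; `echo "ERROR: ..." >&2; exit 1` would match the `|| exit 1` handling used elsewhere in the script. The `[ -f "$key" ] && tinyssh-keyconvert ...` line also ignores a failed conversion, so a `|| exit 1` on the converter call is worth adding.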