Correct way to inject ssh host keys with etc transient activated

villagebatch · February 12, 2026, 12:31am

I can’t find the right way to inject the ssh host keys into a system with etc transient = true.

As I understand it, depending on external mechanisms is fine for the installation phase day 0, but it generates some doubts:

Wouldn’t those keys be lost after a restart?
Is it possible to modify those keys on day 2 with a bootc update?
Is it advisable to perform a systemd drop-in to the SSH service so that it moves or reads the keys in some persistent path such as /var/ssh?

Thanks

woprandi · March 20, 2026, 6:07pm

Can you post a reproductible example ?

siosm · April 23, 2026, 11:34am

When you used transient /etc, you either need to provision your system configuration on each boot or copy it from another persistent storage that you trust (which is mostly the same thing but put differently).

So if you use cloud-init for example, you need to provision those files for each boot.

Topic		Replies	Views
CoreOS live and persistent SSH host keys Ask Fedora coreos , server	4	3507	January 27, 2024
Generating ssh key in Silverblue Ask Fedora silverblue	5	3082	February 3, 2023
Transfer public-keys to server by SFTP Ask Fedora	7	800	November 21, 2021
Can no longer log into machine via SSH after upgrade from Fedora 42 to 43 Ask Fedora ssh	9	194	May 2, 2026
Configure sshd to not accept password login on Silverblue Ask Fedora silverblue	5	1030	August 6, 2023

Correct way to inject ssh host keys with etc transient activated

Related topics