I usually install VyOS via ISO and create its OVA for deployments. I set up 2025.08.13-0020-rolling, but when deploying the 2nd OVA and connecting via SSH the terminal shows this KEY already exists.
I want to know how to generate a new SSH key during initial boot.
I used restart ssh and generate ssh server-key and they work, but how do I use them in a pre or post script? To my understanding they will always generate a new SSH key on every boot.
I tried going through Cloud-Init but can’t understand it, or how it’s used.
Even with cloud-init, if it’s deployed once and cloud-init files aren’t cleaned up, it would keep the keys.
I can see two options:
1. Replicate what we are doing for LTS releases: build a VMDK image using the flavor system, then convert it to an OVA with ovftool. That way the keys simply aren’t there inside the OVA in the first place. See vyos-build/data/build-flavors/generic.toml at current · vyos/vyos-build · GitHub — you can change that line to image_format = "vmdk". There are more things you can do to automate the build; you’ll need to read the build script to get a sense of that, since we don’t have public documentation about that at the moment.
2. Delete the keys before exporting to OVA. That will probably work.
Before we generate images, we go in and sudo rm -rf /etc/ssh/ssh_host_*, then we poweroff the machine, then take the image.
The lack of SSH host keys on boot means it will re-generate them automatically. This means any machine created from the image will have unique host keys.