Security fix: Delete SSH-Hostkeys in image & regenerate on first run

Dockerfile

@@ -14,6 +14,7 @@ RUN apt-get update && apt-get -y install borgbackup openssh-server
 RUN useradd -s /bin/bash -m borg
 RUN mkdir /home/borg/.ssh && chmod 700 /home/borg/.ssh && chown borg: /home/borg/.ssh
 RUN mkdir /run/sshd
+RUN rm -f /etc/ssh/ssh_host*key*
 
 COPY ./data/run.sh /run.sh
 COPY ./data/sshd_config /etc/ssh/sshd_config

data/run.sh

@@ -21,9 +21,17 @@ for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
 	fi
 done
 
-# Copy SSH-Host-Keys to persistent storage
+# (Create &) Copy SSH-Host-Keys to persistent storage
 mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null
 echo " * Checking / Preparing SSH Host-Keys..."
+
+if [ ! -f /etc/ssh/ssh_host_rsa_key ] ; then
+	echo "  ** Creating SSH Hostkeys..."
+	for keytype in ed25519 rsa ; do
+		ssh-keygen -q -f "/etc/ssh/ssh_host_${keytype}_key" -N '' -t $keytype
+	done
+fi
+
 for keyfile in ssh_host_rsa_key ssh_host_ed25519_key ; do
 	if [ ! -f "${SSH_KEY_DIR}/host/${keyfile}" ] ; then
 		cp /etc/ssh/${keyfile} "${SSH_KEY_DIR}/host/${keyfile}"