From 8f935148d0039cfbc8cfb17ca5ddf65a18b3926e Mon Sep 17 00:00:00 2001
From: Gavin Li <gavinli@thegavinli.com>
Date: Wed, 17 Jun 2015 01:24:36 -0700
Subject: [PATCH] remove SSH keys when snapshot restore detected

---
 install.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/install.sh b/install.sh
index e306e67..07c4c7e 100755
--- a/install.sh
+++ b/install.sh
@@ -813,11 +813,14 @@ update_shadow_if_changed() {
 		# change password if file was touched
 		local encrypted_password=$(awk -F: '$1 == "root" { print $2 }' ${etcdir}/shadow)
 		if [ "${encrypted_password}" != "x" ]; then
+			log "Snapshot restore detected."
 			usermod -p "${encrypted_password}" root
 			if [ ${#encrypted_password} -gt 1 ]; then
 				chage -d 0 root
 			fi
-			log "Snapshot restore detected; password has been reset."
+			log "Password has been reset."
+			rm -f /etc/ssh/ssh_host_key /etc/ssh/ssh_host_*_key
+			log "SSH host keys will be regenerated."
 		fi
 	fi
 	cat > ${etcdir}/shadow <<-EOF