mkuserland.sh: install openssh-client
In contrast to what we thought would happen on IRC a few weeks ago, installing the openssh-client
package doesn't actually install any key material. The installation remains 100% reproducible even with openssh-client
installed. I argue that an ssh client should be part of any modern Linux system.
For reference, these are the paths (files, directories, symlinks) that are new or differ between a reform system image with and without the openssh-client
package installed. None of this is key material:
/etc/alternatives/rcp
/etc/alternatives/rcp.1.gz
/etc/alternatives/rlogin
/etc/alternatives/rlogin.1.gz
/etc/alternatives/rsh
/etc/alternatives/rsh.1.gz
/etc/group
/etc/group-
/etc/gshadow
/etc/gshadow-
/etc/ld.so.cache
/etc/passwd
/etc/ssh/
/etc/ssh/ssh_config
/etc/ssh/ssh_config.d/
/usr/bin/rcp
/usr/bin/rlogin
/usr/bin/rsh
/usr/bin/scp
/usr/bin/sftp
/usr/bin/slogin
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-argv0
/usr/bin/ssh-copy-id
/usr/bin/ssh-keygen
/usr/bin/ssh-keyscan
/usr/lib/aarch64-linux-gnu/libcbor.so.0.8
/usr/lib/aarch64-linux-gnu/libcbor.so.0.8.0
/usr/lib/aarch64-linux-gnu/libfido2.so.1
/usr/lib/aarch64-linux-gnu/libfido2.so.1.11.0
/usr/lib/openssh/
/usr/lib/openssh/agent-launch
/usr/lib/openssh/ssh-keysign
/usr/lib/openssh/ssh-pkcs11-helper
/usr/lib/openssh/ssh-sk-helper
/usr/lib/systemd/user/graphical-session-pre.target.wants/
/usr/lib/systemd/user/graphical-session-pre.target.wants/ssh-agent.service
/usr/lib/systemd/user/ssh-agent.service
/usr/share/apport/package-hooks/openssh-client.py
/usr/share/doc/libcbor0.8/
/usr/share/doc/libcbor0.8/changelog.Debian.gz
/usr/share/doc/libcbor0.8/changelog.gz
/usr/share/doc/libcbor0.8/copyright
/usr/share/doc/libcbor0.8/README.md
/usr/share/doc/libfido2-1/
/usr/share/doc/libfido2-1/changelog.Debian.arm64.gz
/usr/share/doc/libfido2-1/changelog.Debian.gz
/usr/share/doc/libfido2-1/copyright
/usr/share/doc/openssh-client/
/usr/share/doc/openssh-client/changelog.Debian.arm64.gz
/usr/share/doc/openssh-client/changelog.Debian.gz
/usr/share/doc/openssh-client/changelog.gz
/usr/share/doc/openssh-client/copyright
/usr/share/doc/openssh-client/NEWS.Debian.gz
/usr/share/doc/openssh-client/OVERVIEW.gz
/usr/share/doc/openssh-client/README
/usr/share/doc/openssh-client/README.Debian.gz
/usr/share/doc/openssh-client/README.dns
/usr/share/doc/openssh-client/README.tun.gz
/usr/share/lintian/overrides/openssh-client
/usr/share/man/man1/rcp.1.gz
/usr/share/man/man1/rlogin.1.gz
/usr/share/man/man1/rsh.1.gz
/usr/share/man/man1/scp.1.gz
/usr/share/man/man1/sftp.1.gz
/usr/share/man/man1/slogin.1.gz
/usr/share/man/man1/ssh.1.gz
/usr/share/man/man1/ssh-add.1.gz
/usr/share/man/man1/ssh-agent.1.gz
/usr/share/man/man1/ssh-argv0.1.gz
/usr/share/man/man1/ssh-copy-id.1.gz
/usr/share/man/man1/ssh-keygen.1.gz
/usr/share/man/man1/ssh-keyscan.1.gz
/usr/share/man/man5/ssh_config.5.gz
/usr/share/man/man8/ssh-keysign.8.gz
/usr/share/man/man8/ssh-pkcs11-helper.8.gz
/usr/share/man/man8/ssh-sk-helper.8.gz
/var/cache/debconf/config.dat
/var/cache/debconf/config.dat-old
/var/cache/man/index.db
/var/lib/apt/extended_states
/var/lib/dpkg/alternatives/rcp
/var/lib/dpkg/alternatives/rlogin
/var/lib/dpkg/alternatives/rsh
/var/lib/dpkg/info/libcbor0.8:arm64.list
/var/lib/dpkg/info/libcbor0.8:arm64.md5sums
/var/lib/dpkg/info/libcbor0.8:arm64.shlibs
/var/lib/dpkg/info/libcbor0.8:arm64.symbols
/var/lib/dpkg/info/libcbor0.8:arm64.triggers
/var/lib/dpkg/info/libfido2-1:arm64.list
/var/lib/dpkg/info/libfido2-1:arm64.md5sums
/var/lib/dpkg/info/libfido2-1:arm64.shlibs
/var/lib/dpkg/info/libfido2-1:arm64.symbols
/var/lib/dpkg/info/libfido2-1:arm64.triggers
/var/lib/dpkg/info/openssh-client.conffiles
/var/lib/dpkg/info/openssh-client.list
/var/lib/dpkg/info/openssh-client.md5sums
/var/lib/dpkg/info/openssh-client.postinst
/var/lib/dpkg/info/openssh-client.postrm
/var/lib/dpkg/info/openssh-client.preinst
/var/lib/dpkg/info/openssh-client.prerm
/var/lib/dpkg/status
/var/lib/dpkg/status-old
/var/lib/ntpsec/