.SSH keys are now generated correctly on EC2 instances created from a backup AMI
Previously, when creating a new Amazon EC2 instance of RHEL 8 from a backup Amazon Machine Image (AMI), `cloud-init` deleted existing SSH keys on the VM but did not create new ones. Consequently, the VM in some cases could not connect to the host.
This problem has been fixed for newly created RHEL 8.5 VMs. For VMs that were upgraded from RHEL 8.4 or earlier, you must work around the issue manually.
To do so, edit the `cloud.cfg` file and changing the `ssh_genkeytypes: ~` line to `ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']`. This makes it possible for SSH keys to be deleted and generated correctly when provisioning a RHEL 8 VM in the described circumstances.
I'm working for a customer case with a same problem.
In /lib/systemd/system/cloud-init.service:
[Unit]
Wants=sshd-keygen.service
Before=sshd-keygen.service
sshd-keygen.service doesn't exist. I think it should use the following existing systemd units.
[Unit]
Wants=sshd-keygen.target
Before=sshd-keygen
Before=sshd-keygen
Before=sshd-keygen
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (cloud-init bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2021:4294