From bd6539d27ec5df6dbb56b681f30a10cfd76beedf Mon Sep 17 00:00:00 2001
From: "Anand Mehra (anamehra)"
Date: Wed, 12 Nov 2025 23:24:37 -0800
Subject: [PATCH] factory-reset: clear hostname and ssh keys, and reset motd banner

- Remove SSH host keys (will be regenerated on boot)
- Remove hostname (will be set on boot)
- Add reset motd banner to factory default
---
 .../build_templates/sonic_debian_extension.j2 | 2 ++
 .../image_config/reset-factory/reset-factory | 28 +++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
index 4eb8c66a3c8e..88341d5c21cc 100644
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
@@ -123,6 +123,8 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
 sudo cp $IMAGE_CONFIGS/environment/environment $FILESYSTEM_ROOT/etc/
 sudo cp $IMAGE_CONFIGS/environment/motd $FILESYSTEM_ROOT/etc/
 sudo cp $IMAGE_CONFIGS/environment/logout_message $FILESYSTEM_ROOT/etc/
+# Create a default copy of motd for factory reset
+sudo cp $IMAGE_CONFIGS/environment/motd $FILESYSTEM_ROOT/etc/motd_factory_default
 # Create all needed directories
 sudo mkdir -p $FILESYSTEM_ROOT/etc/sonic/
diff --git a/files/image_config/reset-factory/reset-factory b/files/image_config/reset-factory/reset-factory
index fc86737c9d07..d04c1e14e78b 100755
--- a/files/image_config/reset-factory/reset-factory
+++ b/files/image_config/reset-factory/reset-factory
@@ -76,6 +76,19 @@ clear_sonic_dir()
 mount -o remount /
 }
+# Remove SSH keys from all users
+reset_ssh_keys()
+{
+ echo "Remove SSH authorized keys from all users"
+ # Remove authorized_keys from all user home directories
+ find /home /root \( -path "*/.ssh/authorized_keys*" -o -path "*/.ssh/known_hosts*" \) \
+ -type f -print -delete 2>/dev/null | tee -a "$PERMLOG"
+
+ echo "Remove SSH host keys from /etc/ssh"
+ # Remove existing host keys (will be regenerated on boot)
+ rm -f /etc/ssh/ssh_host_*
+}
+
 # Get list of defaults users names and passwords from DEFAULT_USERS_FILE
 # Delete non-default users and restore default password of default users
 reset_users()
@@ -143,6 +156,18 @@ TEMP_CFG="/tmp/temp_config_db.$$"
 cp ${CONFIG_DB_JSON} ${TEMP_CFG}
 if [ "$FACTORY_TYPE" != "keep-basic" ] && [ "$FACTORY_TYPE" != "keep-all-config" ]; then
 rm -f ${CONFIG_DB_JSON}
+
+ echo "Reset banner/motd file"
+ DEFAULT_MOTD_FILE='/etc/motd_factory_default'
+ if [ -f ${DEFAULT_MOTD_FILE} ]; then
+ cp ${DEFAULT_MOTD_FILE} /etc/motd
+ echo "MOTD restored from factory default" | tee -a "$PERMLOG"
+ else
+ echo "WARNING: Factory default motd file not found at ${DEFAULT_MOTD_FILE}" | tee -a "$PERMLOG"
+ fi
+
+ echo "Removing hostname (will be set on boot)"
+ rm -f /etc/hostname
 fi
 echo "Call config-setup factory"
@@ -159,6 +184,9 @@ if [ "$FACTORY_TYPE" != "only-config" ]; then
 # Delete non-default users and restore default users passwords
 reset_users
+ # Remove SSH keys from all users and host keys
+ reset_ssh_keys
+
 echo "Delete bash, python and vim history files"
 find /home /root -type f -name ".bash_history" -o -name ".python_history" -o -name ".viminfo" | xargs rm -rf
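Review bot: In reset_ssh_keys the `2>/dev/null` on the find, together with the pipe into tee, hides every deletion failure, so an authorized_keys file that could not be removed leaves a working login on a device that is reported as reset. Sending stderr to the log instead, `-type f -print -delete 2>&1 | tee -a "$PERMLOG"`, would make that visible. `-type f` also skips an authorized_keys that is a symlink, and the search covers only /home and /root, so keys for accounts homed elsewhere or configured through a non-default sshd AuthorizedKeysFile would survive; whether either case occurs on this image cannot be told from the hunk. The function's comment and first echo mention only authorized keys while the code also deletes known_hosts and the host keys, so a comment such as `# Remove per-user authorized_keys/known_hosts and the SSH host keys` would match what runs.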
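Review bot: The "MOTD restored from factory default" message in the second hunk is written to $PERMLOG even when the `cp` just above it fails, so the log can record a restore that did not happen. Chaining the two, `cp "${DEFAULT_MOTD_FILE}" /etc/motd && echo "MOTD restored from factory default" | tee -a "$PERMLOG"`, keeps the log truthful and quotes the path as well. The reference copy is the ordinary file /etc/motd_factory_default created by the build-template hunk; if that path is writable at runtime, the reset restores whatever the file contains by then, so a read-only location or an integrity check would be worth considering. `rm -f /etc/hostname` relies on a boot-time step that is not part of this patch to set the name again, and the enclosing if block starts outside the hunk.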