Ticket #1123 (closed enhancement: worksforme)

Opened 11 years ago

Last modified 10 years ago

SSHbase: probe mode to preserve existing host keys

Reported by: Owned by: desai
Priority: major Milestone: Bcfg2 1.3.0 Release
Component: bcfg2-server Version: 1.0
Keywords: Cc:


SSHbase assumes that existing keys installed on client systems are not worth preserving, and generates new keys with which to overwrite them for any client that it doesn't already have keys registered. This is fine for new system deployments, where generating fresh keys won't bother anyone. For existing systems that are being brought under bcfg2 control incrementally, or that have been using bcfg2 for a while but upgraded to a version with SSHbase, this is less than helpful. Users who have already connected to a bcfg2 client system using SSH will see changed keys, with the attendant warnings and trouble.

Thus, I propose that SSHbase should have a mode to probe existing host keys, and preserve them in the bcfg2 repository, rather than generating its own and overwriting the existing keys. As suggested by solj and stpierre on IRC, this can probably be accomplished using the existing FileProbe? infrastructure with some tweaks. I'll see about actually implementing it and posting a patch.


Change History

comment:1 Changed 10 years ago by solj

  • Status changed from new to closed
  • Resolution set to worksforme

It is possible to import existing ssh keys once you have setup the DBStats plugin. See for details.

WARNING! You need to establish a session before you can create or edit tickets. Otherwise the ticket will get treated as spam.


Add a comment

Modify Ticket

Change Properties
<Author field>
as closed
The resolution will be deleted. Next status will be 'reopened'

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.