so that we can explicitly pin just this key when doing intra-cluster SSH
connections. this works similar to the certificate cache we use for API
proxying, but without automatic invalidation, since node A doesn't have access
to node B's host key..
Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---
Notes:
we could store more than just the RSA one there, but that would have some
potential for fallout.. the filename could also be changed to reflect what
it contains, not what is used for - e.g., "ssh_host_keys"
src/PVE/Cluster/Setup.pm | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/PVE/Cluster/Setup.pm b/src/PVE/Cluster/Setup.pm
index 07020d7..4b6f013 100644
--- a/src/PVE/Cluster/Setup.pm
+++ b/src/PVE/Cluster/Setup.pm
@@ -220,6 +220,20 @@ sub ssh_unmerge_known_hosts {
PVE::Tools::file_set_contents($ssh_system_known_hosts, $old);
}
+sub ssh_create_node_known_hosts {
+ my ($nodename) = @_;
+
+ my $hostkey = PVE::Tools::file_get_contents($ssh_host_rsa_id);
+ # Note: file sometimes containe empty lines at start, so we use multiline
match
+ die "can't parse $ssh_host_rsa_id" if $hostkey !~
m/^(ssh-rsa\s\S+)(\s.*)?$/m;
+ $hostkey = $1;
+
+ my $raw = "$nodename $hostkey";
+ PVE::Tools::file_set_contents("/etc/pve/nodes/$nodename/ssh_known_hosts",
$raw);
+
+ # TODO: also setup custom keypair and client config here to disentangle
entirely from /root/.ssh?
+}
+
sub ssh_merge_known_hosts {
my ($nodename, $ip_address, $createLink) = @_;
@@ -823,6 +837,7 @@ sub updatecerts_and_ssh {
$p->("merge authorized SSH keys and known hosts");
ssh_merge_keys();
ssh_merge_known_hosts($nodename, $local_ip_address, 1);
+ ssh_create_node_known_hosts($nodename);
gen_pve_vzdump_files();
}
--
2.39.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
