--- Begin Message ---
On Thu, Jan 11, 2024 at 11:51:20AM +0100, Fabian Grünbichler wrote:
> such as adapted configs and managed files.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
> ---
> Notes: actual version needs to be inserted!
>
> pvecm.adoc | 18 ++++++++++++++++++
> 1 file changed, 18 insertions(+)
>
> diff --git a/pvecm.adoc b/pvecm.adoc
> index 5b5b27b..3a32cfb 100644
> --- a/pvecm.adoc
> +++ b/pvecm.adoc
> @@ -918,6 +918,24 @@ transfer memory and disk contents.
>
> * Storage replication
>
> +SSH setup
> +~~~~~~~~~
> +
> +On {pve} systems, the following changes are made to the SSH
> configuration/setup:
> +
> +* the `root` user's SSH client config gets setup to prefer `AES` over
> `ChaCha20`
> +
> +* the `root` user's `authorized_keys` file gets linked to
> + `/etc/pve/priv/authorized_keys`, merging all authorized keys within a
> cluster
Will you be opening a new fix # thread on this one or intending to keep it
as-is (even as the known_hosts changes are rolled out)?
> +
> +* `sshd` is configured to allow logging in as root with a password
> +
> +NOTE: Older systems might also have `/etc/ssh/ssh_known_hosts` set up as
> symlink
> +pointing to `/etc/pve/priv/known_hosts`, containing a merged version of all
> +node host keys. This system was replaced with explicit host key pinning in
> +`pve-cluster <<INSERT VERSION>>`, the symlink can be deconfigured if still in
> +place by running `pvecm updatecerts --unmerge-known-hosts`.
> +
> Pitfalls due to automatic execution of `.bashrc` and siblings
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
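Review bot: the `sshd` bullet says root password login is allowed but does not name the setting that is changed or say whether an administrator can restrict root to key-based login without breaking cluster operations. Because the `authorized_keys` bullet above it means a key authorized on one node is authorized on every node, a sentence on what may be tightened safely would make this section more useful to someone hardening a cluster. The first bullet would also benefit from a short reason why `AES` is preferred over `ChaCha20`. In the NOTE, the `<<INSERT VERSION>>` placeholder has to be filled in before this is applied, and the comma splice before "the symlink can be deconfigured" reads better as a new sentence. "gets setup" in the first bullet should be "gets set up".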
> --
> 2.39.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
--- End Message ---