
> On 11 Oct 2019, at 13:10, Thomas HUMMEL <thomas.hum...@pasteur.fr> wrote:
> 
> On 10/11/19 6:02 PM, Vinícius Ferrão via xCAT-user wrote:
>> Thomas take a look at Jarrod’s message. It’s from two days ago.
> 
> Hello,
> 
> I did. Thanks
>> All those questions are there.
>> And yes, Ross was talking about host keys. This is an issue with modern 
>> authentication. Everything is explained there.
> 
> My understanding is that for now, as secureshell is not released yet, I indeed 
> want remoteshell.

Yes. But since you’re retailoring your system you should consider the security 
implications of that.

If you want to keep per host keys without any additional infrastructure a 
mechanism should be implemented to keep the keys sane.

If you don’t care for security, which is fine depending on the case, remote shell 
in fact does what you want but be aware of the consequences. It’s an old script 
and can become a problem: for instance the ed25519 host keys are always 
regenerated due to the fact that remoteshell ignores ed25519 keys.

There are a lot of ideas from Jarrod to reimplement something better. My path is 
to disable remoteshell completely and use SSSD to handle the host keys.

Whatever you choose might work but keep in mind the issues.

Is there something else uncovered?



> 
> Thanks
> 
> --
> TH
> 
> 
> 
> _______________________________________________
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user
