[yast-devel] SSH key changes between stage 1 and stage 2
Hi, I noticed that after you're done with stage 1 and the systems reboot, on stage 2 the SSH host key is different, which fires a warning for the client who already recorded the key in it's know_hosts. I think it would be interesting to avoid this issue by copying the keys from the RAM in stage 1 to the disk after partitioning it and before installing the system in it. I wanted to hear any comments or suggestions from this list and check if there's anything this behavior might affect for the worse. Thank you, -- Arthur V. -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
On Thu, Sep 11, 2008 at 03:54:11PM -0300, Arthur Rodrigo Sawazachi Valadares wrote:
Hi, I noticed that after you're done with stage 1 and the systems reboot, on stage 2 the SSH host key is different, which fires a warning for the client who already recorded the key in it's know_hosts. I think it would be interesting to avoid this issue by copying the keys from the RAM in stage 1 to the disk after partitioning it and before installing the system in it.
I wanted to hear any comments or suggestions from this list and check if there's anything this behavior might affect for the worse.
Hi Arthur, we already have some code which is supposed to address your issue: http://svn.opensuse.org/svn/yast/trunk/installation/src/clients/ssh_settings... You may want to file a bug (with y2logs). -- Martin Vidner, YaST developer http://en.opensuse.org/User:Mvidner Kuracke oddeleni v restauraci je jako fekalni oddeleni v bazenu -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
Martin Vidner wrote:
On Thu, Sep 11, 2008 at 03:54:11PM -0300, Arthur Rodrigo Sawazachi Valadares wrote:
Hi, I noticed that after you're done with stage 1 and the systems reboot, on stage 2 the SSH host key is different, which fires a warning for the client who already recorded the key in it's know_hosts. I think it would be interesting to avoid this issue by copying the keys from the RAM in stage 1 to the disk after partitioning it and before installing the system in it.
I wanted to hear any comments or suggestions from this list and check if there's anything this behavior might affect for the worse.
Hi Arthur,
we already have some code which is supposed to address your issue: http://svn.opensuse.org/svn/yast/trunk/installation/src/clients/ssh_settings...
You may want to file a bug (with y2logs).
Maybe the current ssh_settings_finish is in conflict with another feature that copies SSH keys from a previous installation (if found on disks). Bye Lukas
Hi Lukas, Martin, I looked further into it and apparently I was mistaken, from stage 1 to stage 2 what happens is a different type of key is used. In stage 1 it uses dss and in stage 2 rsa, I think. So it warns me of this, but does not block my access and adds the second key to known hosts. Thank you both for helping :) Arthur V. On Mon, 2008-09-22 at 13:07 +0200, Lukas Ocilka wrote:
Martin Vidner wrote:
On Thu, Sep 11, 2008 at 03:54:11PM -0300, Arthur Rodrigo Sawazachi Valadares wrote:
Hi, I noticed that after you're done with stage 1 and the systems reboot, on stage 2 the SSH host key is different, which fires a warning for the client who already recorded the key in it's know_hosts. I think it would be interesting to avoid this issue by copying the keys from the RAM in stage 1 to the disk after partitioning it and before installing the system in it.
I wanted to hear any comments or suggestions from this list and check if there's anything this behavior might affect for the worse.
Hi Arthur,
we already have some code which is supposed to address your issue: http://svn.opensuse.org/svn/yast/trunk/installation/src/clients/ssh_settings...
You may want to file a bug (with y2logs).
Maybe the current ssh_settings_finish is in conflict with another feature that copies SSH keys from a previous installation (if found on disks).
Bye Lukas
-- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
participants (3)
-
Arthur Rodrigo Sawazachi Valadares -
Lukas Ocilka -
Martin Vidner