[pve-devel] applied-series: [PATCH cluster/manager/storage/docs 0/9] fix #4886: improve SSH handling

Thomas Lamprecht t.lamprecht at proxmox.com
Fri Apr 19 09:11:15 CEST 2024 

Am 11/01/2024 um 11:51 schrieb Fabian Grünbichler:
> this series replaces the old mechanism that used a cluster-wide merged known
> hosts file with distributing of each node's host key via pmxcfs, and pinning
> the distributed key explicitly for internal SSH connections.
> 
> the main changes in pve-cluster somewhat break the old manager and
> storage versions, but only when such a partial upgrade is mixed with a
> host key rotation of some sort.
> 
> pve-storage uses a newly introduced helper, so needs a versioned
> dependency accordingly.
> 
> the last pve-docs patch has a placeholder for the actual version shipping the
> changes which needs to be replaced when applying.
> 
> there's still some potential for follow-ups:
> - 'pvecm ssh' wrapper to debug and/or re-use the host key pinning (and other
>   future changes)
> - also add non-RSA host keys
> - key (and thus authorized keys) and/or sshd disentangling (this
>   potentially also affects external access, so might be done on a major
>   release to give more heads up)
> 
> cluster:
> 
> Fabian Grünbichler (4):
>   fix #4886: write node SSH hostkey to pmxcfs
>   fix #4886: SSH: pin node's host key if available
>   ssh: expose SSH options on their own
>   pvecm: stop merging SSH known hosts by default
> 
>  src/PVE/CLI/pvecm.pm     | 10 ++++++++--
>  src/PVE/Cluster/Setup.pm | 24 +++++++++++++++++++++---
>  src/PVE/SSHInfo.pm       | 31 +++++++++++++++++++++++++++----
>  3 files changed, 56 insertions(+), 9 deletions(-)
> 
> docs:
> 
> Fabian Grünbichler (2):
>   ssh: make pitfalls a regular section instead of block
>   ssh: document PVE-specific setup
> 
>  pvecm.adoc | 26 +++++++++++++++++++++-----
>  1 file changed, 21 insertions(+), 5 deletions(-)
> 
> manager:
> 
> Fabian Grünbichler (2):
>   vnc: use SSH command helper
>   pvesh: use SSH command helper
> 
>  PVE/API2/Nodes.pm | 3 ++-
>  PVE/CLI/pvesh.pm  | 4 ++--
>  2 files changed, 4 insertions(+), 3 deletions(-)
> 
> storage:
> 
> Fabian Grünbichler (1):
>   upload: use SSH helper to get ssh/scp options
> 
>  src/PVE/API2/Storage/Status.pm | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 


applied series, thanks!

More information about the pve-devel mailing list