[pve-devel] [PATCH RFC 00/21] use ssh certificate based auth

Dietmar Maurer dietmar at proxmox.com
Mon Nov 28 08:08:52 CET 2016


This way we can replace all code to merge SSH known_hosts files and
authorized_keys. It also exposes a new API (PVE/API2/ClusterConfig.pm),
and we can use that API over https to add new nodes.

Dietmar Maurer (21):
  add paths for SSH certificates
  add variable for default ssh key size $ssh_key_size
  setup_sshd_config: restructure code so that we can add more settings
    in future
  use run_command for ssh-keygen
  create a cluster wide SSH CA
  gen_pve_ssh_cert: new helper
  setup_sshd_config: allow certificate based auth
  updatecerts: change order - first update files on /etc/pve
  setup_sshd_config: generate $ssh_host_rsa_cert
  setup_sshd_config: add force flag (allow to regenerate cert)
  setup_rootsshconfig: generate $ssh_rsa_cert
  pvecm create: use same file creation order as updatecerts
  code cleanup: factor out common code
  pvecm add: reuse code from update_cluster_files
  PVE::API2::ClusterConfig: add API class for cluster configuration
  add API to query totem protocol settings
  expose addnode/delnode on new cluster config API
  add helpers to access the API via https - needs libwww-perl
  use https API call for addnode
  remove code to merge ssh authorized_keys
  ssh_merge_known_hosts: simply add cert-authority

 data/PVE/API2/ClusterConfig.pm | 302 +++++++++++++++++++++
 data/PVE/CLI/pvecm.pm          | 592 ++++++++++++++++-------------------------
 data/PVE/Cluster.pm            | 420 ++++++++++++++++-------------
 data/PVE/Makefile.am           |   3 +
 debian/control                 |   2 +-
 5 files changed, 770 insertions(+), 549 deletions(-)
 create mode 100644 data/PVE/API2/ClusterConfig.pm

-- 
2.1.4



