[pve-devel] [PATCH RFC 00/21] use ssh certificate based auth
Dietmar Maurer
dietmar at proxmox.com
Mon Nov 28 08:08:52 CET 2016
This way we can replace all code to merge SSH known_hosts files and
authorized_keys. It also exposes a new API (PVE/API2/ClusterConfig.pm),
and we can use that API over https to add new nodes.

Dietmar Maurer (21):
  add paths for SSH certificates
  add variable for default ssh key size $ssh_key_size
  setup_sshd_config: restructure code so that we can add more settings
    in future
  use run_command for ssh-keygen
  create a cluster wide SSH CA
  gen_pve_ssh_cert: new helper
  setup_sshd_config: allow certificate based auth
  updatecerts: change order - first update files on /etc/pve
  setup_sshd_config: generate $ssh_host_rsa_cert
  setup_sshd_config: add force flag (allow to regenerate cert)
  setup_rootsshconfig: generate $ssh_rsa_cert
  pvecm create: use same file creation order as updatecerts
  code cleanup: factor out common code
  pvecm add: reuse code from update_cluster_files
  PVE::API2::ClusterConfig: add API class for cluster configuration
  add API to query totem protocol settings
  expose addnode/delnode on new cluster config API
  add helpers to access the API via https - needs libwww-perl
  use https API call for addnode
  remove code to merge ssh authorized_keys
  ssh_merge_known_hosts: simply add cert-authority

data/PVE/API2/ClusterConfig.pm | 302 +++++++++++++++++++++
data/PVE/CLI/pvecm.pm | 592 ++++++++++++++++-------------------------
data/PVE/Cluster.pm | 420 ++++++++++++++++-------------
data/PVE/Makefile.am | 3 +
debian/control | 2 +-
5 files changed, 770 insertions(+), 549 deletions(-)
create mode 100644 data/PVE/API2/ClusterConfig.pm
--
2.1.4
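
The approach this series describes, a cluster-wide CA whose signature stands in for merged known_hosts and authorized_keys entries, shown with stock OpenSSH tooling as an added example. It is not code from the patch series; the file names, the node name node1, the address 192.0.2.11 and the 52-week validity are assumptions.

```shell
#!/bin/sh
# Added illustration, not PVE code. Paths, names and validity are constructed.
set -eu

# Create a CA key pair, then sign one host key and one root user key with it.
make_cluster_certs() {
    dir=$1
    # Cluster-wide CA: the only public key every node has to trust.
    ssh-keygen -q -t rsa -b 2048 -N '' -C 'demo cluster CA' -f "$dir/ssh_ca"
    # Host key and root's user key for a constructed node called "node1".
    ssh-keygen -q -t rsa -b 2048 -N '' -C 'node1 host key' -f "$dir/ssh_host_rsa_key"
    ssh-keygen -q -t rsa -b 2048 -N '' -C 'root@node1' -f "$dir/id_rsa"
    # -h issues a host certificate; -n lists the names clients may connect to.
    ssh-keygen -q -s "$dir/ssh_ca" -h -I node1-host -n node1,192.0.2.11 \
        -V +52w "$dir/ssh_host_rsa_key.pub"
    # Without -h the result is a user certificate, valid for principal "root".
    ssh-keygen -q -s "$dir/ssh_ca" -I root@node1 -n root \
        -V +52w "$dir/id_rsa.pub"
}

# Client side: one known_hosts line covers every host key the CA has signed,
# so no per-node entries have to be merged.
known_hosts_line() {
    printf '@cert-authority * %s\n' "$(cat "$1/ssh_ca.pub")"
}

# Server side: sshd presents its host certificate and accepts user
# certificates signed by the CA, so authorized_keys needs no merging either.
sshd_config_lines() {
    printf 'HostCertificate %s/ssh_host_rsa_key-cert.pub\n' "$1"
    printf 'TrustedUserCAKeys %s/ssh_ca.pub\n' "$1"
}

# Print "host" or "user" for a certificate file, read from ssh-keygen -L.
cert_type() {
    ssh-keygen -L -f "$1" | sed -n 's/^ *Type: [^ ]* \([a-z]*\) certificate$/\1/p'
}

demo_dir=$(mktemp -d)
make_cluster_certs "$demo_dir"
known_hosts_line "$demo_dir"
sshd_config_lines "$demo_dir"
echo "host cert type: $(cert_type "$demo_dir/ssh_host_rsa_key-cert.pub")"
echo "user cert type: $(cert_type "$demo_dir/id_rsa-cert.pub")"
```

Adding a node then means signing its keys with the CA; the known_hosts and sshd_config lines on existing nodes stay unchanged.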