[pve-devel] [RFC cluster 1/2] fix #4886: write node SSH hostkey to pmxcfs

[Fabian Grünbichler]

so that we can explicitly pin just this key when doing intra-cluster SSH
connections. this works similar to the certificate cache we use for API
proxying, but without automatic invalidation, since node A doesn't have access
to node B's host key..

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---

Notes:
    we could store more than just the RSA one there, but that would have some
    potential for fallout..

 src/PVE/Cluster/Setup.pm | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/PVE/Cluster/Setup.pm b/src/PVE/Cluster/Setup.pm
index 4b12bb8..ca73765 100644
--- a/src/PVE/Cluster/Setup.pm
+++ b/src/PVE/Cluster/Setup.pm
@@ -220,6 +220,20 @@ sub ssh_unmerge_known_hosts {
     PVE::Tools::file_set_contents($ssh_system_known_hosts, $old);
 }
 
+sub ssh_create_node_known_hosts {
+    my ($nodename) = @_;
+
+    my $hostkey = PVE::Tools::file_get_contents($ssh_host_rsa_id);
+    # Note: file sometimes containe emty lines at start, so we use multiline match
+    die "can't parse $ssh_host_rsa_id" if $hostkey !~ m/^(ssh-rsa\s\S+)(\s.*)?$/m;
+    $hostkey = $1;
+
+    my $raw = "$nodename $hostkey";
+    PVE::Tools::file_set_contents("/etc/pve/nodes/$nodename/ssh_known_hosts", $raw);
+
+    # TODO: also setup custom keypair and client config here to disentangle entirely from /root/.ssh?
+}
+
 sub ssh_merge_known_hosts {
     my ($nodename, $ip_address, $createLink) = @_;
 
@@ -823,6 +837,7 @@ sub updatecerts_and_ssh {
     $p->("merge authorized SSH keys and known hosts");
     ssh_merge_keys();
     ssh_merge_known_hosts($nodename, $local_ip_address, 1);
+    ssh_create_node_known_hosts($nodename);
     gen_pve_vzdump_files();
 }
 
-- 
2.39.2