[pve-devel] [PATCH cluster/manager/storage/docs 0/9] fix #4886: improve SSH handling
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Jan 11 11:51:14 CET 2024
this series replaces the old mechanism that used a cluster-wide merged known
hosts file with distributing of each node's host key via pmxcfs, and pinning
the distributed key explicitly for internal SSH connections.
the main changes in pve-cluster somewhat break the old manager and
storage versions, but only when such a partial upgrade is mixed with a
host key rotation of some sort.
pve-storage uses a newly introduced helper, so needs a versioned
dependency accordingly.
the last pve-docs patch has a placeholder for the actual version shipping the
changes which needs to be replaced when applying.
there's still some potential for follow-ups:
- 'pvecm ssh' wrapper to debug and/or re-use the host key pinning (and other
future changes)
- also add non-RSA host keys
- key (and thus authorized keys) and/or sshd disentangling (this
potentially also affects external access, so might be done on a major
release to give more heads up)
cluster:
Fabian Grünbichler (4):
fix #4886: write node SSH hostkey to pmxcfs
fix #4886: SSH: pin node's host key if available
ssh: expose SSH options on their own
pvecm: stop merging SSH known hosts by default
src/PVE/CLI/pvecm.pm | 10 ++++++++--
src/PVE/Cluster/Setup.pm | 24 +++++++++++++++++++++---
src/PVE/SSHInfo.pm | 31 +++++++++++++++++++++++++++----
3 files changed, 56 insertions(+), 9 deletions(-)
docs:
Fabian Grünbichler (2):
ssh: make pitfalls a regular section instead of block
ssh: document PVE-specific setup
pvecm.adoc | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
manager:
Fabian Grünbichler (2):
vnc: use SSH command helper
pvesh: use SSH command helper
PVE/API2/Nodes.pm | 3 ++-
PVE/CLI/pvesh.pm | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
storage:
Fabian Grünbichler (1):
upload: use SSH helper to get ssh/scp options
src/PVE/API2/Storage/Status.pm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--
2.39.2
More information about the pve-devel
mailing list