From Fedora Project Wiki

mNo edit summary
No edit summary
Line 14: Line 14:
== Replacing Key ==
== Replacing Key ==


If you install a new server or change a host key.  use ssh-keyscan.
If you install a new server or change a host key.  use ssh-keyscan.  Remember to include both the short hostname *AND* the ip address.


<pre>
<pre>
[mmcgrath@puppet1 .ssh]$ ssh-keyscan -t rsa app1
[mmcgrath@puppet1 .ssh]$ ssh-keyscan -t rsa app1,10.8.34.59
# app1 SSH-2.0-OpenSSH_4.3
# app1 SSH-2.0-OpenSSH_4.3
app1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtabx7H5RFxs/O2WPd0Hh9V302mKPXEF1N+FifLZj3WIbm757Lh6sUZpzBAQqi+MaOtXnFFs6TDemblPRNPNTcXBNtlVM/EBd80axN69qHHxvUBuozE5Rzpo1oSFwVzL/Y0lAsyzC81xEftXo+S/at+vGXpntnt5p/LtmpqVr/7kxjRZLhOqtxiPg0M0mmCu68DVMxWhlYjQDGyVNW1GrzaqBUWx3AdbJQsJpFK/bmybDD2bxnjWXJdtgelZaanpoauPlbad5ORsXZSNHSxzcS0INFJC2xxrXpvT8H84T11659pQUAkic3S4LmscjeVc5m7XEFNIhwAUJVq9uhdtYAQ==
app1,10.8.34.59 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtabx7H5RFxs/O2WPd0Hh9V302mKPXEF1N+FifLZj3WIbm757Lh6sUZpzBAQqi+MaOtXnFFs6TDemblPRNPNTcXBNtlVM/EBd80axN69qHHxvUBuozE5Rzpo1oSFwVzL/Y0lAsyzC81xEftXo+S/at+vGXpntnt5p/LtmpqVr/7kxjRZLhOqtxiPg0M0mmCu68DVMxWhlYjQDGyVNW1GrzaqBUWx3AdbJQsJpFK/bmybDD2bxnjWXJdtgelZaanpoauPlbad5ORsXZSNHSxzcS0INFJC2xxrXpvT8H84T11659pQUAkic3S4LmscjeVc5m7XEFNIhwAUJVq9uhdtYAQ==
</pre>
</pre>



Revision as of 21:14, 10 December 2008

ssh_host_keys - SOP

Contact Information

Owner: Fedora Infrastructure Team

Contact: #fedora-admin, sysadmin group

Location: all

Servers: all

Purpose: Provides Known Hosts file that is globally deployed.

Replacing Key

If you install a new server or change a host key. use ssh-keyscan. Remember to include both the short hostname *AND* the ip address.

[mmcgrath@puppet1 .ssh]$ ssh-keyscan -t rsa app1,10.8.34.59
# app1 SSH-2.0-OpenSSH_4.3
app1,10.8.34.59 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtabx7H5RFxs/O2WPd0Hh9V302mKPXEF1N+FifLZj3WIbm757Lh6sUZpzBAQqi+MaOtXnFFs6TDemblPRNPNTcXBNtlVM/EBd80axN69qHHxvUBuozE5Rzpo1oSFwVzL/Y0lAsyzC81xEftXo+S/at+vGXpntnt5p/LtmpqVr/7kxjRZLhOqtxiPg0M0mmCu68DVMxWhlYjQDGyVNW1GrzaqBUWx3AdbJQsJpFK/bmybDD2bxnjWXJdtgelZaanpoauPlbad5ORsXZSNHSxzcS0INFJC2xxrXpvT8H84T11659pQUAkic3S4LmscjeVc5m7XEFNIhwAUJVq9uhdtYAQ==

Copy the non-commented line and place it in the puppet repo under:

puppet/modules/ssh/files/ssh_known_hosts

Please put them in alphabetical order.