[Ovirt-devel] [PATCH node-image] Add ability to set persistent ssh_host_keys on the node, useful if you run diskless instance of ovirt-node

Perry Myers pmyers at redhat.com
Thu Sep 10 13:38:12 UTC 2009


On 09/10/2009 09:25 AM, Darryl L. Pierce wrote:
> On Thu, Sep 10, 2009 at 09:14:02AM -0400, Darryl L. Pierce wrote:
>> ACK. This works as expected.
>>
>> I copied the SSH keys for my laptop into my build environment, then
>> built and installed a managed node. I was able to SSH into the node
>> without a password prompt.
> 
> (I responded too early before)
> 
> NAK, based on security review.
> 
> While technically this works, from a security standpoint it is not
> a good idea to have all managed nodes use the same SSH keys, since it
> makes it far too easy to compromise an entire environment by hacking one
> machine.

Also, if the issue is just annoyance at constantly changing host keys in a
development environment, you can tell the ssh client to ignore host keys
with the following syntax:

ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null <host>

That will quash the error messages you would normally otherwise get from
sshing to the same IP address (i.e. same Node) as it changes ssh host keys
from one build to the next.

Certainly this is not recommended in a production environment, but for
development (where you do lots of builds and the node host keys change
frequently) this is fine.

Perry
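
The security review above objects to every managed node carrying the same SSH host key. The following is an added example, not part of the original thread or the patch: a check that reads host key lines in ssh-keyscan / known_hosts format and reports any key presented by more than one machine. Host names and key blobs in the sample are constructed placeholders.

```python
"""Flag SSH host keys that are shared by more than one host (added example)."""
from collections import defaultdict

# Constructed sample in ssh-keyscan / known_hosts format. Host names and key
# blobs are placeholders made up for this example, not real keys.
SAMPLE_SCAN = """\
# ssh-keyscan output, constructed for this example
node1.example.test ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructedKEY1
node2.example.test ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructedKEY1
node3.example.test,192.0.2.13 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructedKEY3
@revoked old.example.test ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDconstructedKEY9
"""


def parse_entries(text):
    """Yield (hosts, key_type, key_blob) for each host key line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].startswith("@"):
            continue  # @cert-authority / @revoked lines are not a host's own key
        if len(fields) < 3:
            continue  # malformed line
        yield fields[0].split(","), fields[1], fields[2]


def shared_host_keys(text):
    """Return {(key_type, key_blob): sorted hosts} for keys seen on 2+ machines."""
    seen = defaultdict(set)
    for hosts, key_type, key_blob in parse_entries(text):
        # Names and addresses listed together on one line are aliases of one
        # machine, so count the line once under its first name.
        seen[(key_type, key_blob)].add(hosts[0])
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    for (key_type, blob), hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{key_type} ...{blob[-12:]} shared by: {', '.join(hosts)}")
```
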



