Proxmox Host SSH keys: Difference between revisions

From RoseWiki
Jump to navigation Jump to search
VisualWikitext
Created page with " May 3, 2024 Add bookmark #59 ufear said: So, if anybody runs into this. I couldn't get updatecerts to add keys for reinstalled nodes to the global /etc/pve/priv/ssh_known_hosts; however the folder /etc/pve/nodes/<nodename> contains a ssh_known_hosts file which contains the content you need; copy it over and the world is good again. Your post put me in the right track and it seems I'm able to connect by WebGUI shell from any host to any host in..."
 
No edit summary
 
(3 intermediate revisions by one other user not shown)
Line 1: Line 1:
== Intended method: ==
Delete old ssh host keys:
  rm /etc/ssh/ssh_host_*
Reconfigure OpenSSH Server:
  dpkg-reconfigure openssh-server
Update all ssh client(s) at ~/.ssh/known_hosts


Then update certs and keys ''on each machine'':
  pvecm updatecerts -f


    May 3, 2024
== Manual method<ref>https://forum.proxmox.com/threads/pvecm-updatecert-f-not-working.135812/page-3#post-660500</ref>: ==
 
If this fails (which it might), log into each troublesome node through SSHd and copy the public key from  
    Add bookmark
  /etc/ssh/ssh_host_rsa_key.pub.
    #59
Copy this to  
 
  /etc/pve/nodes/<node>/ssh_known_hosts  
    ufear said:
and prepend it with that machine's hostname. Assuming a hostname of pve1, this line should appear as
    So, if anybody runs into this. I couldn't get updatecerts to add keys for reinstalled nodes to the global /etc/pve/priv/ssh_known_hosts; however the folder /etc/pve/nodes/<nodename> contains a ssh_known_hosts file which contains the content you need; copy it over and the world is good again.
  pve1 ssh-rsa <key>
 
Then restart the SSH daemon:
 
  systemctl restart sshd
Your post put me in the right track and it seems I'm able to connect by WebGUI shell from any host to any host in the cluster now.
 
The problem was that two of my nodes were missing ssh_known_hosts file in
Code:
 
/etc/pve/nodes/<node>/
 
(The hosts that gave me KEY CHANGED warning in WebGUI Shell)
 
I logged in to both troublesome nodes via ssh terminal and copied SSH public key from
Code:
 
/etc/ssh/ssh_host_rsa_key.pub
 
to
Code:
 
/etc/pve/nodes/<node>/ssh_known_hosts
 
file and added the node hostname in the beginning of the line before RSA public key like so:
 
Code:
 
NodeHostname ssh-rsa <the_rsa_pub_key>
 
 
after that I restarted SSH service systemctl restart sshd on both nodes (not sure if necessary)
 
This seems to have worked.

Latest revision as of 18:46, 13 December 2024

Intended method:

Delete old ssh host keys: 

 rm /etc/ssh/ssh_host_*

Reconfigure OpenSSH Server: 

 dpkg-reconfigure openssh-server

Update all ssh client(s) at ~/.ssh/known_hosts

Then update certs and keys on each machine: 

 pvecm updatecerts -f

Manual method[1]:

If this fails (which it might), log into each troublesome node through SSHd and copy the public key from 

 /etc/ssh/ssh_host_rsa_key.pub.

Copy this to 

 /etc/pve/nodes/<node>/ssh_known_hosts

and prepend it with that machine's hostname. Assuming a hostname of pve1, this line should appear as 

 pve1 ssh-rsa <key>

Then restart the SSH daemon: 

 systemctl restart sshd
  1. https://forum.proxmox.com/threads/pvecm-updatecert-f-not-working.135812/page-3#post-660500
Retrieved from "https://www.rosemarknetworks.com/wiki/index.php?title=Proxmox_Host_SSH_keys&oldid=125"