Proxmox Host SSH keys: Difference between revisions

Latest revision as of 18:46, 13 December 2024

Intended method:

Delete old ssh host keys:

 rm /etc/ssh/ssh_host_*

Reconfigure OpenSSH Server:

 dpkg-reconfigure openssh-server

Update all ssh client(s) at ~/.ssh/known_hosts

Then update certs and keys on each machine:

 pvecm updatecerts -f

Manual method^[1]:

If this fails (which it might), log into each troublesome node through SSHd and copy the public key from

 /etc/ssh/ssh_host_rsa_key.pub.

Copy this to

 /etc/pve/nodes/<node>/ssh_known_hosts

and prepend it with that machine's hostname. Assuming a hostname of pve1, this line should appear as

 pve1 ssh-rsa <key>

Then restart the SSH daemon:

 systemctl restart sshd

↑ https://forum.proxmox.com/threads/pvecm-updatecert-f-not-working.135812/page-3#post-660500

[1] ttps://forum.proxmox.com/threads/pvecm-updatecert-f-not-working.135812/page-3#post-660500

[1]

@@ Line 1: / Line 1: @@
+== Intended method: ==
+Delete old ssh host keys:
+  rm /etc/ssh/ssh_host_*
+Reconfigure OpenSSH Server:
+  dpkg-reconfigure openssh-server
+Update all ssh client(s) at ~/.ssh/known_hosts
-    pvecm updatecerts -f
+Then update certs and keys ''on each machine'':
+  pvecm updatecerts -f
-    ufear said:
+== Manual method<ref>https://forum.proxmox.com/threads/pvecm-updatecert-f-not-working.135812/page-3#post-660500</ref>: ==
-    So, if anybody runs into this. I couldn't get updatecerts to add keys for reinstalled nodes to the global /etc/pve/priv/ssh_known_hosts; however the folder /etc/pve/nodes/<nodename> contains a ssh_known_hosts file which contains the content you need; copy it over and the world is good again.
+If this fails (which it might), log into each troublesome node through SSHd and copy the public key from
+  /etc/ssh/ssh_host_rsa_key.pub.
+Copy this to
-Your post put me in the right track and it seems I'm able to connect by WebGUI shell from any host to any host in the cluster now.
+  /etc/pve/nodes/<node>/ssh_known_hosts
+and prepend it with that machine's hostname. Assuming a hostname of pve1, this line should appear as
-The problem was that two of my nodes were missing ssh_known_hosts file in
+  pve1 ssh-rsa <key>
-Code:
+Then restart the SSH daemon:
+  systemctl restart sshd
-/etc/pve/nodes/<node>/
-(The hosts that gave me KEY CHANGED warning in WebGUI Shell)
-I logged in to both troublesome nodes via ssh terminal and copied SSH public key from
-Code:
-/etc/ssh/ssh_host_rsa_key.pub
-to
-Code:
-/etc/pve/nodes/<node>/ssh_known_hosts
-file and added the node hostname in the beginning of the line before RSA public key like so:
-Code:
-NodeHostname ssh-rsa <the_rsa_pub_key>
-after that I restarted SSH service systemctl restart sshd on both nodes (not sure if necessary)
-This seems to have worked.

Proxmox Host SSH keys: Difference between revisions

Latest revision as of 18:46, 13 December 2024

Intended method:

Manual method[1]:

Navigation menu

Search

Manual method^[1]: