Proxmox Host SSH keys: Difference between revisions

From RoseWiki
 
Line 1: Line 1:
== Intended method: ==
Delete old ssh host keys:
  rm /etc/ssh/ssh_host_*
Reconfigure OpenSSH Server:
  dpkg-reconfigure openssh-server
Update all ssh client(s) at ~/.ssh/known_hosts


Follow these steps to regenerate OpenSSH Host Keys after cloning a Proxmox host.
Then update certs and keys ''on each machine'':
  pvecm updatecerts -f


    Delete old ssh host keys: rm /etc/ssh/ssh_host_*
== Manual method<ref>https://forum.proxmox.com/threads/pvecm-updatecert-f-not-working.135812/page-3#post-660500</ref>: ==
    Reconfigure OpenSSH Server: dpkg-reconfigure openssh-server
If this fails (which it might), log into each troublesome node through SSHd and copy the public key from  
    Update all ssh client(s) ~/.ssh/known_hosts files
  /etc/ssh/ssh_host_rsa_key.pub.
 
Copy this to  
 
  /etc/pve/nodes/<node>/ssh_known_hosts  
    pvecm updatecerts -f
and prepend it with that machine's hostname. Assuming a hostname of pve1, this line should appear as
 
  pve1 ssh-rsa <key>
    ufear said:
Then restart the SSH daemon:
    So, if anybody runs into this. I couldn't get updatecerts to add keys for reinstalled nodes to the global /etc/pve/priv/ssh_known_hosts; however the folder /etc/pve/nodes/<nodename> contains a ssh_known_hosts file which contains the content you need; copy it over and the world is good again.
  systemctl restart sshd
 
 
Your post put me in the right track and it seems I'm able to connect by WebGUI shell from any host to any host in the cluster now.
 
The problem was that two of my nodes were missing ssh_known_hosts file in
Code:
 
/etc/pve/nodes/<node>/
 
(The hosts that gave me KEY CHANGED warning in WebGUI Shell)
 
I logged in to both troublesome nodes via ssh terminal and copied SSH public key from
Code:
 
/etc/ssh/ssh_host_rsa_key.pub
 
to
Code:
 
/etc/pve/nodes/<node>/ssh_known_hosts
 
file and added the node hostname in the beginning of the line before RSA public key like so:
 
Code:
 
NodeHostname ssh-rsa <the_rsa_pub_key>
 
 
after that I restarted SSH service systemctl restart sshd on both nodes (not sure if necessary)
 
This seems to have worked.
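Review bot: the sentence "Follow these steps to regenerate OpenSSH Host Keys after cloning a Proxmox host." from the earlier text has no counterpart in the rewritten page, so "Intended method" no longer says when the procedure applies; suggest keeping that sentence as the first line of the section. In the manual method, "Then restart the SSH daemon" is written as a required step, while the forum post cited as its source says of the same restart "(not sure if necessary)"; marking the step as unverified would match the source. The reference is also a bare URL inside the heading markup, which would read better as a titled link placed after the heading.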

Latest revision as of 18:46, 13 December 2024

Intended method:

Delete old ssh host keys:

 rm /etc/ssh/ssh_host_*

Reconfigure OpenSSH Server:

 dpkg-reconfigure openssh-server

Update the entry for this host in ~/.ssh/known_hosts on every SSH client.

Then update certs and keys on each machine:

 pvecm updatecerts -f

Manual method[1]:

If this fails (which it might), log into each troublesome node over SSH and copy the public key from

 /etc/ssh/ssh_host_rsa_key.pub

Copy this to

 /etc/pve/nodes/<node>/ssh_known_hosts 

and prefix it with that machine's hostname. Assuming a hostname of pve1, this line should appear as

 pve1 ssh-rsa <key>

Then restart the SSH daemon:

 systemctl restart sshd
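
The manual method above, scripted as an added example (not part of the original page or of Proxmox): it builds the "pve1 ssh-rsa <key>" line from the host's public key file and replaces any stale entry for that hostname. The function names are hypothetical, the key is a constructed sample, and the demo works in a scratch directory standing in for /etc/ssh and /etc/pve/nodes/pve1.

```sh
#!/bin/sh
# Added example; function names are hypothetical and the key is constructed.

# known_hosts_line HOSTNAME PUBKEY_FILE
# Prints "HOSTNAME ssh-rsa <key>" (the comment field of the .pub file is dropped).
# Fails unless the file is exactly one line holding an RSA public key.
known_hosts_line() (
    host=$1; pub=$2
    [ -n "$host" ] && [ -r "$pub" ] || exit 1
    awk -v h="$host" '
        $1 == "ssh-rsa" && $2 ~ "^[A-Za-z0-9+/]+=*$" { out = h " " $1 " " $2 }
        END { if (NR != 1 || out == "") exit 1; print out }
    ' "$pub"
)

# install_known_host HOSTNAME PUBKEY_FILE KNOWN_HOSTS_FILE
# Drops any existing entry for HOSTNAME, then appends the fresh one, so a
# stale pre-regeneration key never sits beside the new key.
# Assumes entries start with the bare hostname, as in the page's pve1 line.
install_known_host() (
    host=$1; pub=$2; kh=$3
    line=$(known_hosts_line "$host" "$pub") || exit 1
    tmp=$(mktemp) || exit 1
    if [ -f "$kh" ]; then
        # keep every line whose first field is not this hostname
        awk -v h="$host" '$1 != h' "$kh" > "$tmp"
    fi
    printf '%s\n' "$line" >> "$tmp"
    cat "$tmp" > "$kh"
    status=$?
    rm -f "$tmp"
    exit "$status"
)

# Demo on constructed data: one stale pve1 entry and one unrelated pve2 entry.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed root@pve1\n' > "$demo/ssh_host_rsa_key.pub"
printf 'pve1 ssh-rsa AAAAstaleKEY\npve2 ssh-rsa AAAAotherKEY\n' > "$demo/ssh_known_hosts"
install_known_host pve1 "$demo/ssh_host_rsa_key.pub" "$demo/ssh_known_hosts"
cat "$demo/ssh_known_hosts"
rm -rf "$demo"
```

On a real node the second and third arguments would be the two paths named above, and the result can be compared against the key file by eye before restarting the SSH daemon.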