Proxmox Host SSH keys: Difference between revisions

From RoseWiki
Jump to navigation Jump to search
mNo edit summary
mNo edit summary
Line 1: Line 1:
Follow these steps to regenerate OpenSSH Host Keys
    Delete old ssh host keys: rm /etc/ssh/ssh_host_*
    Reconfigure OpenSSH Server: dpkg-reconfigure openssh-server
    Update all ssh client(s) ~/.ssh/known_hosts files


     pvecm updatecerts -f
     pvecm updatecerts -f

Revision as of 00:06, 4 December 2024

Follow these steps to regenerate OpenSSH Host Keys

   Delete old ssh host keys: rm /etc/ssh/ssh_host_*
   Reconfigure OpenSSH Server: dpkg-reconfigure openssh-server
   Update all ssh client(s) ~/.ssh/known_hosts files


   pvecm updatecerts -f
   ufear said:
   So, if anybody runs into this. I couldn't get updatecerts to add keys for reinstalled nodes to the global /etc/pve/priv/ssh_known_hosts; however the folder /etc/pve/nodes/<nodename> contains a ssh_known_hosts file which contains the content you need; copy it over and the world is good again.


Your post put me in the right track and it seems I'm able to connect by WebGUI shell from any host to any host in the cluster now.

The problem was that two of my nodes were missing ssh_known_hosts file in Code:

/etc/pve/nodes/<node>/

(The hosts that gave me KEY CHANGED warning in WebGUI Shell)

I logged in to both troublesome nodes via ssh terminal and copied SSH public key from Code:

/etc/ssh/ssh_host_rsa_key.pub

to Code:

/etc/pve/nodes/<node>/ssh_known_hosts

file and added the node hostname in the beginning of the line before RSA public key like so:

Code:

NodeHostname ssh-rsa <the_rsa_pub_key>


after that I restarted SSH service systemctl restart sshd on both nodes (not sure if necessary)

This seems to have worked.