
SSH: Pulling a host key from NIS?

  • 11-05-2007 4:44pm
    #1
    Registered Users, Registered Users 2 Posts: 304 ✭✭


    Ok,

    I realise that this might cause some of you pain just to think about this, but I thought I'd ask anyway.

    We have a number of Solaris machines that are reinstalled constantly (jumpstart and wanboot). Now due to various pressures, we're being encouraged to use ssh rather than telnet or rlogin - which I'm quite happy to do.

    However, there's a slight problem (you're probably way ahead of me).

    Every time we reinstall Solaris, we generate new host keys. So if ever we try to connect, ssh will complain at us... making life difficult.

    So, given that we work in a safe environment, we were thinking if there was any way to standardise the host keys (with a unique one per host), so that they persist even after reinstallation. One of the guys thought there's a documented way to do it in NIS and, given we use that anyway for tying IPs to mac addresses, we feel it might be one to pursue. However, anything I look up in Google doesn't seem to want to do that.

    So, 1/ is it possible, 2/ if so, how do I do it? 3/ Regardless of if I can/can't is there possibly an easier way?

    P.B.


Comments

  • Registered Users, Registered Users 2 Posts: 2,755 ✭✭✭niallb


    Been there, and it's annoying.
    I back up my hostkeys and restore them manually after reinstall.
    I only restore them after I'm satisfied all services are running
    identically to the former incarnation, so I'm fairly happy that
    until then connections barf on the wrong key.
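
The backup-and-restore approach from the comment above, sketched as an added example that is not part of the original thread. The function names, the one-directory-per-hostname store layout, and the idea of calling it from a post-install script are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): keep one host key set per machine
# across reinstalls. Function names and the store layout are assumptions.
# The store holds private keys, so it must be readable by root only.

# has_keys DIR: true if DIR holds at least one private host key.
has_keys() {
    for k in "$1"/ssh_host_*_key; do
        [ -f "$k" ] && return 0
    done
    return 1
}

# copy_keys FROM TO: copy each private key with its .pub and fix modes.
# Fails before copying anything if a key or its public half is missing.
copy_keys() {
    for k in "$1"/ssh_host_*_key; do
        [ -f "$k" ] && [ -f "$k.pub" ] || return 1
    done
    mkdir -p "$2" || return 1
    for k in "$1"/ssh_host_*_key; do
        n=$(basename "$k")
        cp "$k" "$2/$n" && cp "$k.pub" "$2/$n.pub" || return 1
        chmod 600 "$2/$n" && chmod 644 "$2/$n.pub" || return 1
    done
}

# sync_hostkeys SSH_DIR STORE_ROOT HOSTNAME
# First install: seed the store from the freshly generated keys ("saved").
# Later reinstalls: overwrite the new keys with the stored set ("restored").
sync_hostkeys() {
    slot="$2/$3"
    if has_keys "$slot"; then
        copy_keys "$slot" "$1" && echo restored
    elif has_keys "$1"; then
        copy_keys "$1" "$slot" && chmod 700 "$slot" && echo saved
    else
        echo "no host keys in $1 or $slot" >&2
        return 1
    fi
}

# Run only when called with arguments, e.g. from a post-install script:
#   sh sync_hostkeys.sh /etc/ssh /path/to/store "$(uname -n)"
if [ "$#" -eq 3 ]; then
    sync_hostkeys "$@"
fi
```

sshd reads its host keys at startup, so it has to be restarted after a restore before clients see the old key again.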


  • Registered Users, Registered Users 2 Posts: 304 ✭✭PhantomBeaker


    Ah, in this case, they're not really infrastructure servers... they're test machines that are reinstalled pretty regularly (nearly 15 times a day), so we're not relying on them for services, but if we ever want to get in there, it'd be nice not having to tell ssh that it's ok to get in. So I was hoping there'd be some generally accepted way to get a machine to pull a key for itself with each reinstall, rather than pulling together an ad hoc customisation script to do it.


  • Closed Accounts Posts: 68 ✭✭nuada


    Why not just install the os from an image and that way have the same key each time?


  • Registered Users, Registered Users 2 Posts: 36 ld50


    Tell ssh to be a little less secure with host keys.

    Add 'StrictHostKeyChecking no' to your ~/.ssh/config file

    ssh will automatically add the new host key the first time to known_hosts. Then just warn you after that about a change if it's changed, but still log you in.

    mh

