Package: salt-ssh Version: 2018.3.4+dfsg1-6 Severity: normal After upgrading to buster, salt-ssh was no longer able to connect to my configured hosts. Instead, I'd get a 'do you want to deploy the salt-ssh key?' prompt. I said yes and salt deployed a strange key.
Tracking down the key pointed me to /var/lib/salt: $ sudo salt-ssh -l trace ravenhurst test.ping 2>&1 | grep IdentityFile [TRACE ] Executing command: ssh ravenhurst.kallisti.us -o KbdInteractiveAuthentication=no -o PasswordAuthentication=no -o GSSAPIAuthentication=no -o ConnectTimeout=65 -o Port=22 -o IdentityFile=/var/lib/salt/pki/master/ssh/salt-ssh.rsa -o User=root /bin/sh << 'EOF' But the pki_dir setting is the default: $ sudo grep -r pki_dir: /etc/salt /etc/salt/master:#pki_dir: /etc/salt/pki/master As a workaround, I moved /var/lib/salt/pki/master out of the way and symlinked it to /etc/salt/pki/master. Ross -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (500, 'stable'), (40, 'unstable'), (30, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages salt-ssh depends on: ii python3 3.7.3-1 ii salt-common 2018.3.4+dfsg1-6 salt-ssh recommends no packages. salt-ssh suggests no packages. -- Configuration Files: /etc/salt/roster changed [not included] -- no debconf information