On 11/01/2024 at 11:51, Fabian Grünbichler wrote:
> this series replaces the old mechanism that used a cluster-wide merged known
> hosts file with distributing of each node's host key via pmxcfs, and pinning
> the distributed key explicitly for internal SSH connections.
>
> the main changes in pve-cluster somewhat break the old manager and
> storage versions, but only when such a partial upgrade is mixed with a
> host key rotation of some sort.
>
> pve-storage uses a newly introduced helper, so needs a versioned
> dependency accordingly.
>
> the last pve-docs patch has a placeholder for the actual version shipping the
> changes which needs to be replaced when applying.
>
> there's still some potential for follow-ups:
> - 'pvecm ssh' wrapper to debug and/or re-use the host key pinning (and other
>   future changes)
> - also add non-RSA host keys
> - key (and thus authorized keys) and/or sshd disentangling (this
>   potentially also affects external access, so might be done on a major
>   release to give more heads up)
>
> cluster:
>
> Fabian Grünbichler (4):
>   fix #4886: write node SSH hostkey to pmxcfs
>   fix #4886: SSH: pin node's host key if available
>   ssh: expose SSH options on their own
>   pvecm: stop merging SSH known hosts by default
>
>  src/PVE/CLI/pvecm.pm     | 10 ++++++++--
>  src/PVE/Cluster/Setup.pm | 24 +++++++++++++++++++++---
>  src/PVE/SSHInfo.pm       | 31 +++++++++++++++++++++++++++----
>  3 files changed, 56 insertions(+), 9 deletions(-)
>
> docs:
>
> Fabian Grünbichler (2):
>   ssh: make pitfalls a regular section instead of block
>   ssh: document PVE-specific setup
>
>  pvecm.adoc | 26 +++++++++++++++++++++-----
>  1 file changed, 21 insertions(+), 5 deletions(-)
>
> manager:
>
> Fabian Grünbichler (2):
>   vnc: use SSH command helper
>   pvesh: use SSH command helper
>
>  PVE/API2/Nodes.pm | 3 ++-
>  PVE/CLI/pvesh.pm  | 4 ++--
>  2 files changed, 4 insertions(+), 3 deletions(-)
>
> storage:
>
> Fabian Grünbichler (1):
>   upload: use SSH helper to get ssh/scp options
>
>  src/PVE/API2/Storage/Status.pm | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
applied series, thanks!

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel