[Bug 892554] Re: SSH keys summary does not report ECDSA key
** Changed in: cloud-init Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/892554 Title: SSH keys summary does not report ECDSA key To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/892554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 892554] Re: SSH keys summary does not report ECDSA key
** Changed in: cloud-init (Ubuntu) Status: Triaged = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/892554 Title: SSH keys summary does not report ECDSA key To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/892554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 892554] Re: SSH keys summary does not report ECDSA key
On Mon, Nov 21, 2011 at 07:44:13PM -, Scott Moser wrote: I don't think there is enough information to create an ssh known_hosts entry from the fingerprint. I've written a blog post at http://ubuntu-smoser.blogspot.com/2010/07/verify-ssh-keys-on-ec2-instances.html demonstrating how to check the host before connecting. Ah, nice. This is a reasonable way to handle it for the moment. Unfortunately, I don't think we can reasonably ditch the old default behavior as many tools have been written to scrape console output looking for this formated string. Right, I don't meant to ditch the fingerprint report, but instead, allow one to skip the ssh-keyscan step, and just pull the .pub file directly out of the console output. i.e. _add_ it to the console output. -- Kees Cook -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/892554 Title: SSH keys summary does not report ECDSA key To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/892554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 892554] Re: SSH keys summary does not report ECDSA key
What's the best way to add a known_hosts entry from these fingerprints? Maybe the -e option should be used instead of -l ? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/892554 Title: SSH keys summary does not report ECDSA key To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/892554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 892554] Re: SSH keys summary does not report ECDSA key
What's the best way to add a known_hosts entry from these fingerprints? Maybe the -e option should be used instead of -l ? I don't think there is enough information to create an ssh known_hosts entry from the fingerprint. I've written a blog post at http://ubuntu-smoser.blogspot.com/2010/07/verify-ssh-keys-on-ec2-instances.html demonstrating how to check the host before connecting. I think the original intent of this feature (before my time) was to serve humans verifying the remote host, thus the fingerprint makes sense. However, it seems that it would make sense to support outputting something more machine consumable, which the 'ssh -e' would be better for. I'm open to adding a cloud-config option for this. Care to open a bug? Unfortunately, I don't think we can reasonably ditch the old default behavior as many tools have been written to scrape console output looking for this formated string. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/892554 Title: SSH keys summary does not report ECDSA key To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/892554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 892554] Re: SSH keys summary does not report ECDSA key
Love the known_hosts suitable output format idea! It doesn't even need to be an option. Split that off into bug #893400. The current ticket can remain for adding the ECDSA ssh key fingerprint. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/892554 Title: SSH keys summary does not report ECDSA key To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/892554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 892554] Re: SSH keys summary does not report ECDSA key
This was actually fix-committed in upstream cloud-init at revision 471. http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/revision/471 -ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub -ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub +for f in /etc/ssh/ssh_host_*key.pub; do +[ -f $f ] || continue +ssh-keygen -l -f $f +done ** Also affects: cloud-init Importance: Undecided Status: New ** Changed in: cloud-init Importance: Undecided = Medium ** Changed in: cloud-init Status: New = Fix Committed ** Changed in: cloud-init (Ubuntu) Importance: Undecided = Medium ** Changed in: cloud-init (Ubuntu) Status: New = Triaged ** Changed in: cloud-init (Ubuntu) Milestone: None = ubuntu-12.04-beta-1 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/892554 Title: SSH keys summary does not report ECDSA key To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/892554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
