** Description changed:

  In bug #892554, Kees Cook (kees) makes a great suggestion that cloud-
  init could output the public ssh host keys to the console output.  This
  could then be read by automated software outside of the instance and
  added to a known_hosts file using the IP address and/or hostname that
  the remote system wishes to use to connect to the instance.
  
  As Scott Moser (smoser) points out, the existing ssh host key
  fingerprints should be left in the output in the current de facto
  standard format so as to not break any existing software or human
  processes that check this.
  
  The new output should be added using a different set of public ssh host
  key delimiters (see proposed format below).
  
  There is no need to require a cloud-init configuration option; this
  information should always be output.  Extra information in the console
  output should not interfere with any existing programs as long as it is
  separate from the existing formatted information.
  
- The simplest way to present the information might be to just print out
- the first two fields of all public host keys.  For example:
+ The simplest way to present the information might be to just output the
+ contents of all public host keys.  For example:
  
-     cut -f1-2 -d' ' /etc/ssh/ssh_host_*_key.pub
+     cat /etc/ssh/ssh_host_*_key.pub
  
  The client system would query the console output, select one of these
  ssh host keys, and add it to known_hosts, prepended by the IP address
  and/or hostnames that it wishes to use to connect to the instance.
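
Review bot: on the `+` line `cat /etc/ssh/ssh_host_*_key.pub`, dropping `cut -f1-2` means the third field of each key file (the comment, `root@ip-10-32-30-193` in the example) is now written to the console and carried into the known_hosts examples. The description should say whether that comment is part of the proposed format or something consumers may discard, since it exposes the instance's internal hostname to anyone who can read the console output and is not needed for host key verification.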
  
  Here's an example of what this might look like in the console output:
  
  -----BEGIN PUBLIC SSH HOST KEYS-----
- ssh-dss 
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
- ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD3aGodGnmPfXEWBRKKVW/zkKP+vC/HPBmNg87gcLLx+WwT7UQgKxsZXVWhccs2BEwbvik/dlfcQX1Zby0ZSYgQ=
- ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC0I3L8UiDoF4LkzpJNHBDM2w9JFE6CbvmAQgW6+czbDOwvrFxQU2rw2HLLUOn+Z2WCE5AJSY7E7pxCrDo1v27hkVgaM6KqWks74vYxIkqfGCyf31y1N8QrmVCsAC74KFp9rhwP0uHmrN8XUIYFik8MoNphf+2aKWieJdZtzQGQ22mNNKDkP1yX3Uvb1QI+8d770dcIqr61AwkUBQgPgPyeii8W7r2+nq1lNQEnYts0N+13+40lEShnrRtsdKY6diEVs2uQId7VWw04lXOzWGi8oSWlunDWyRCQPtfvBFQtJ8AsivyZjmBuN9VJSDHLY1EQhXayygKfi6u6GKFVLZmd
+ ssh-dss 
AAAAB3NzaC1kc3MAAACBAOx12z6/snxt5HWbRZNmvs/hH+5EXsLLKR4XnyH56EQFNmpxGy3O5qBNvNpt4GejLmFR6TJdMANwFhkOfUkLcotTpgm+z3nA4wFUZt23o2CjYvqHSx5pOON390XM6xHhXzlGlkip5XUVM4flNhwQNAvt+9bo3//OTtXEZ1ZZ2M8bAAAAFQDiJIlHJxNS2jOsiHIsm5g3Vl5JuwAAAIEAiZXdnPnupHa5EvqAmaa0Gdzqp1mcRm7a/ovQ/Oko/IByF0OqAEZtb3VevUOoC1HFBoYfcP1kRKdey/W7TyLJPYWt/ZuMdNmZSuPZt7U99WkRt+sGfOlTc2PnxbKzbC+dqcBpuVvjy7AJEngucUJ8lykrpR30Fo538KkSHcITf+QAAACBAONcYr7hoksk3BhtvxFKjXoqcwBiDxAuj+aq90oWsenWfStuOO84eg1tJhZNp0VFv9mICevICoY4P+3ZjD7SvTdq5Xk3Uw4wabgFE4rBwS4XrZMA9+O9/S8+b20h+pQSbfwZIZiULTjBP2I89acPExhmrApSpZ+ByqB3HvnKawG+
 root@ip-10-32-30-193
+ ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD3aGodGnmPfXEWBRKKVW/zkKP+vC/HPBmNg87gcLLx+WwT7UQgKxsZXVWhccs2BEwbvik/dlfcQX1Zby0ZSYgQ=
 root@ip-10-32-30-193
+ ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQC0I3L8UiDoF4LkzpJNHBDM2w9JFE6CbvmAQgW6+czbDOwvrFxQU2rw2HLLUOn+Z2WCE5AJSY7E7pxCrDo1v27hkVgaM6KqWks74vYxIkqfGCyf31y1N8QrmVCsAC74KFp9rhwP0uHmrN8XUIYFik8MoNphf+2aKWieJdZtzQGQ22mNNKDkP1yX3Uvb1QI+8d770dcIqr61AwkUBQgPgPyeii8W7r2+nq1lNQEnYts0N+13+40lEShnrRtsdKY6diEVs2uQId7VWw04lXOzWGi8oSWlunDWyRCQPtfvBFQtJ8AsivyZjmBuN9VJSDHLY1EQhXayygKfi6u6GKFVLZmd
 root@ip-10-32-30-193
  -----END PUBLIC SSH HOST KEYS-----
  
  And here's an example of what the client system might add to
  known_hosts:
  
  50.16.12.209,ec2-50-16-12-209.compute-1.amazonaws.com ecdsa-
  sha2-nistp256
  
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD3aGodGnmPfXEWBRKKVW/zkKP+vC/HPBmNg87gcLLx+WwT7UQgKxsZXVWhccs2BEwbvik/dlfcQX1Zby0ZSYgQ=
+ root@ip-10-32-30-193
  
  or with hashing:
  
  |1|q0CnRd/EVpfAXEVMAi7fqx0lFaI=|8BrFOu2+GGRMKDS+1WiVG8xpwt0= ecdsa-
  sha2-nistp256
  
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD3aGodGnmPfXEWBRKKVW/zkKP+vC/HPBmNg87gcLLx+WwT7UQgKxsZXVWhccs2BEwbvik/dlfcQX1Zby0ZSYgQ=
+ root@ip-10-32-30-193
  
  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: cloud-init 0.6.1-0ubuntu22
  ProcVersionSignature: User Name 3.0.0-12.20-virtual 3.0.4
  Uname: Linux 3.0.0-12-virtual i686
  ApportVersion: 1.23-0ubuntu3
  Architecture: i386
  Date: Tue Nov 22 00:12:40 2011
  Ec2AMI: ami-a7f539ce
  Ec2AMIManifest: (unknown)
  Ec2AvailabilityZone: us-east-1a
  Ec2InstanceType: m1.small
  Ec2Kernel: aki-805ea7e9
  Ec2Ramdisk: unavailable
  PackageArchitecture: all
  ProcEnviron:
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: cloud-init
  UpgradeStatus: No upgrade log present (probably fresh install)

** Summary changed:

- cloud-init: Output machine usable public ssh host key (for known_hosts)
+ cloud-init: Output public ssh host key (for known_hosts)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/893400

Title:
  cloud-init: Output public ssh host key (for known_hosts)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/893400/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
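
The client-side step from the bug description above, as an added example (not part of the original report and not cloud-init code): it pulls the proposed delimited block out of console output, checks that each key's declared type matches the type embedded in its blob, and emits plain or hashed known_hosts lines. The sample console text, key blobs, host names and function names are constructed for illustration.

```python
import base64, hashlib, hmac, os, struct

BEGIN = "-----BEGIN PUBLIC SSH HOST KEYS-----"
END = "-----END PUBLIC SSH HOST KEYS-----"

def fake_blob(keytype):
    # Constructed sample only: correct framing (length-prefixed type), dummy key bytes.
    raw = struct.pack(">I", len(keytype)) + keytype.encode() + b"\x00" * 32
    return base64.b64encode(raw).decode()

SAMPLE_CONSOLE = "\n".join([          # constructed console output, not from a real instance
    "cloud-init boot finished", BEGIN,
    "ecdsa-sha2-nistp256 %s root@example-host" % fake_blob("ecdsa-sha2-nistp256"),
    "ssh-rsa %s root@example-host" % fake_blob("ssh-dss"),   # type/blob mismatch, rejected
    "ssh-rsa %s root@example-host" % fake_blob("ssh-rsa"),
    END, "login: "])

def extract_host_keys(console_text):
    """Return {keytype: base64 blob} from the last delimited block, dropping bad lines."""
    keys, inside = {}, False
    for line in (l.strip() for l in console_text.splitlines()):
        if line == BEGIN:
            keys, inside = {}, True        # design choice: keep only the most recent block
        elif line == END:
            inside = False
        elif inside and len(line.split()) >= 2:
            keytype, blob = line.split()[:2]   # third field (comment) is not needed
            try:
                raw = base64.b64decode(blob, validate=True)
            except ValueError:
                continue
            # The blob begins with a 4-byte length and a copy of the key type; require a match.
            if len(raw) >= 4 and raw[4:4 + struct.unpack(">I", raw[:4])[0]] == keytype.encode():
                keys.setdefault(keytype, blob)
    return keys

def hash_host(host, salt=None):
    """OpenSSH hashed name: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def known_hosts_lines(console_text, hosts, keytype="ecdsa-sha2-nistp256", hashed=False):
    """Build known_hosts lines for the names the client will use to connect."""
    blob = extract_host_keys(console_text)[keytype]   # KeyError if that type was not published
    names = [hash_host(h) for h in hosts] if hashed else [",".join(hosts)]
    return ["%s %s %s" % (n, keytype, blob) for n in names]
```

The result is only as trustworthy as the channel used to fetch the console output, so the client should read it through the provider's authenticated API rather than from the instance itself.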
