The postscript you want is 'remoteshell'. It will install the _same_ host keys 
on all nodes.

If you bake host keys into the image, the sshd daemon will not create new keys 
when it starts. Since the host keys are fixed, you can create a 
'ssh_known_hosts' file with entries for each node and distribute it to your 
login/submit/bastion hosts.

There was a discussion regarding this behavior on the list recently. I 
recommend reading the message from Jarrod Johnson.



> On October 11, 2019 at 9:15 AM Thomas HUMMEL <[email protected]> wrote:
> 
> 
> Hello,
> 
> For an HPC cluster, using xCAT-server-2.14.6 on CentOS 7.7 x86_64, I'm 
> booting stateless nodes from a single osimage.
> 
> My question is about how to deal with the fact that their ssh hostkeys 
> change each time they boot.
> 
> Previously only the HPC "submit" node could ssh to the compute nodes so 
> we made an ssh_config file on it which would ignore the change of ssh 
> hostkeys of the computes.
> 
> Now almost anyone will be allowed to ssh to the compute nodes, thus the 
> need for those to always have the same ssh hostkey across reboots.
> 
> What is the best way to implement this?
> 
> I'm not sure about xcatconfig (and what are the keys in 
> /etc/xcat/hostkeys for).
> 
> My idea was to externally generate one host key per node on the 
> management node just after the node creation (nodeadd) and to sync them 
> using a postscript (not sure if the postscript would occur soon enough, 
> i.e. before sshd-keygen.service, though)
> 
> What do you think?
> 
> Thanks
> 
> --
> Thomas HUMMEL
> 
> 
> 
> _______________________________________________
> xCAT-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/xcat-user
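
The reply above suggests creating an 'ssh_known_hosts' file with an entry for each node once the host keys are fixed in the image. One way to generate those entries, as an added example that is not part of the original message or of xCAT: the function name `build_known_hosts`, the node names and the key data are hypothetical, constructed values.

```shell
#!/bin/sh
# Build ssh_known_hosts entries for nodes that all share one host key.
# Usage: build_known_hosts PUBKEY_FILE < node_list   (one node name per line)
build_known_hosts() {
    pubkey_file=$1
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A host public key file is "<keytype> <base64> [comment]"; drop the comment.
    read -r keytype keydata _ < "$pubkey_file" || true
    case $keytype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
        *) echo "unexpected key type: $keytype" >&2; return 1 ;;
    esac
    [ -n "$keydata" ] || { echo "no key data in $pubkey_file" >&2; return 1; }

    # One entry per node. Skip blanks and comments, and reject names holding
    # characters that have a meaning in the known_hosts host field
    # (comma, wildcard, negation, hashed-entry marker).
    while read -r node _; do
        case $node in
            ''|'#'*) continue ;;
            *[!A-Za-z0-9._-]*) echo "skipping bad node name: $node" >&2; continue ;;
        esac
        printf '%s %s %s\n' "$node" "$keytype" "$keydata"
    done | sort -u
}

# Demo on constructed input: placeholder key data, not a real host key.
demo_known_hosts() {
    tmp=$(mktemp) || return 1
    printf '%s\n' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY root@image' > "$tmp"
    printf '%s\n' 'node02' '# rack 1' 'node01' 'node01' 'bad,name' |
        build_known_hosts "$tmp"
    rm -f "$tmp"
}
demo_known_hosts
```

On a real cluster the node list would come from the management node and the output would be installed as `/etc/ssh/ssh_known_hosts` on the login/submit/bastion hosts. Because every node carries the same key, anyone who obtains it from one node or from the image can impersonate any other node, so the image and the key files need the same protection as the key itself.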

