#4170 releng ssh fingerprints missing in https://admin.fedoraproject.org/ssh_known_hosts
Closed: Fixed None Opened 11 years ago by till.

= bug description =
{{{
$ ssh releng02.phx2.fedoraproject.org
The authenticity of host 'releng02.phx2.fedoraproject.org (<no hostip for proxy command>)' can't be established.
RSA key fingerprint is 2f:5f:ac:7c:8a:e2:2a:a6:21:db:c6:9f:bb:fd:2a:41.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)?
}}}
= bug analysis =
releng02 and maybe other releng boxes except releng04 and releng01.stg are missing from the file.
= fix recommendation =
Add missing hosts to the ssh_known_hosts files.


So, this file is generated by a python script manually run by admins (so they can inspect any changes).

However, the script was set up to read only those hosts that were in puppet. Since many machines we now have are not in puppet, but have moved to ansible, they aren't showing up. ;(

The old script is in puppet/modules/ssh/files/fetch-ssh-keys.py

We need to port this over to an ansible script that gathers the keys from all hosts in ansible inventory and generates the file (ansible has all machines in its inventory, so it would include the puppet ones too).

Would you be interested in making such a script? Or we could toss easyfix on this and see if another apprentice would be interested...
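
The gap reported in this ticket (inventory hosts with no entry in the published file) can be checked mechanically whenever the file is regenerated. The following is an added example, not fetch-ssh-keys.py or any Fedora infrastructure code; every host name except releng02.phx2.fedoraproject.org, the keys, and the function names are constructed for illustration.

```python
import fnmatch

def parse_known_hosts(text):
    """Return the host-pattern list of every plain-text entry that pins a key."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Marker lines (@revoked, @cert-authority) do not pin a host key and
        # hashed names (|1|...) cannot be matched by name, so neither counts.
        if fields[0].startswith(("@", "|1|")) or len(fields) < 3:
            continue
        entries.append(fields[0].split(","))
    return entries

def host_covered(host, patterns):
    """known_hosts matching: '*'/'?' wildcards, '!' negation, [host]:port."""
    matched = False
    for pat in patterns:
        negated = pat.startswith("!")
        pat = pat.lstrip("!")
        if pat.startswith("[") and "]:" in pat:
            # Simplification: a non-default-port entry counts as covering the host.
            pat = pat[1:pat.index("]:")]
        if fnmatch.fnmatchcase(host.lower(), pat.lower()):
            if negated:
                return False  # a negated match rules the whole line out
            matched = True
    return matched

def missing_hosts(inventory_hosts, known_hosts_text):
    """Inventory hosts that no entry in the file covers."""
    entries = parse_known_hosts(known_hosts_text)
    return sorted(h for h in inventory_hosts
                  if not any(host_covered(h, pats) for pats in entries))

# Constructed sample file; keys are placeholders, not real host keys.
KNOWN_HOSTS = """\
releng04.phx2.fedoraproject.org,10.0.0.4 ssh-rsa AAAAEXAMPLEKEY4
releng01.stg.phx2.fedoraproject.org ssh-rsa AAAAEXAMPLEKEY1
[bastion.example.org]:2222 ssh-ed25519 AAAAEXAMPLEKEYB
@revoked releng02.phx2.fedoraproject.org ssh-rsa AAAAEXAMPLEKEY2
"""
# Constructed list; in practice it would come from the ansible inventory.
INVENTORY = ["releng01.stg.phx2.fedoraproject.org", "releng02.phx2.fedoraproject.org",
             "releng04.phx2.fedoraproject.org", "bastion.example.org"]

if __name__ == "__main__":
    for host in missing_hosts(INVENTORY, KNOWN_HOSTS):
        print("missing from ssh_known_hosts:", host)
```
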
