ssh keys acceptation in log saving phase and interfaces selection for automated install

Holger Parplies wfai at parplies.de
Wed Oct 7 14:21:45 CEST 2009


Hi,

Lukáš Oliva wrote on 2009-10-07 13:33:32 +0200 [ssh keys acceptation in log saving phase and interfaces selection for automated install]:
> [...]
> 1) During the log saving phase, the installed machine tries to copy
> all logs by rcp (I suppose) which is only link for ssh, so it asks to
> confirm acceptation of keys which must be accepted by keyboard. I
> thought of distributing certificates during the installation, but it
> is such usual thing that there must be some better way how to resolve
> it.

the public host key of the FAI server needs to be in either
$NFSROOT/etc/ssh/ssh_known_hosts or $NFSROOT/root/.ssh/known_hosts. I believe
that normally FAI (i.e. fai-setup) takes care of that. I've run into the same
problem that you are experiencing, though I don't recall why (probably a
change of the host key or the name of the FAI server machine without
re-running fai-setup). The simple solution for adding the key to root's
known_hosts is, on the FAI server,

	chroot $NFSROOT ssh $HOSTNAME

(don't use 'localhost', use the name of the FAI server machine) and then type
'yes' to accept the key - you don't need to complete the login. There are
probably simpler (i.e. more scriptable) ways (along the lines of
'cat /etc/ssh/ssh_host_[dr]sa_key.pub >> $NFSROOT/root/.ssh/known_hosts',
except that that won't work; you'd need to change the format of the lines),
but the 'ssh' above "works well for me". Tip: if you repeat the command, it
shouldn't ask for confirmation the second time.

> 2) On four network interface cards machine I have problem selecting
> the to boot on.

I believe that has been frequently discussed lately (though not by me). You
might want to search the archives or the wiki (though I can only find a link
to a non-existent wiki page in there ...).

> 3) The third thing is that the fai installation does not change in the
> end the status of the installed machine.

That is because this is also done by 'ssh <fai-server> -l fai ...' (and
presumably after saving the logs). Since you never get past there, it doesn't
happen for you, but it will after you get non-interactive ssh working again.

Regards,
Holger
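
A scriptable form of the format change the reply mentions (prefixing the server's name to each host public key line so it becomes a known_hosts entry), as an added example that is not part of the original message or of FAI. The function names, the sample key and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message or from FAI.
# A host *.pub file holds "keytype base64 [comment]"; a known_hosts line is
# "host[,host...] keytype base64", so the server name(s) must be prefixed.

# hostkey_line NAMES PUBFILE -> prints one known_hosts line, or fails
hostkey_line() {
    names=$1 pub=$2 ktype='' kdata=''
    # read may hit EOF without a newline yet still fill the variables
    read -r ktype kdata _ < "$pub" || [ -n "$ktype" ] || return 1
    case $ktype in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "unexpected key type in $pub: $ktype" >&2; return 1 ;;
    esac
    [ -n "$kdata" ] || return 1
    printf '%s %s %s\n' "$names" "$ktype" "$kdata"
}

# pin_host_keys KNOWN_HOSTS NAMES PUBFILE... -> appends missing entries only
pin_host_keys() {
    kh=$1 names=$2; shift 2
    mkdir -p "$(dirname "$kh")" && touch "$kh" || return 1
    for pub in "$@"; do
        line=$(hostkey_line "$names" "$pub") || return 1
        # -x whole line, -F fixed string: a second run adds nothing
        grep -qxF -- "$line" "$kh" || printf '%s\n' "$line" >> "$kh"
    done
}

# On the FAI server this would be called as (paths as in the message above):
#   pin_host_keys "$NFSROOT/root/.ssh/known_hosts" "$HOSTNAME" \
#       /etc/ssh/ssh_host_[dr]sa_key.pub

# Demo on constructed data (not a real key); prints the resulting file.
demo() {
    d=$(mktemp -d) || return 1
    f=$d/nfsroot/root/.ssh/known_hosts
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@faiserver' > "$d/k.pub"
    pin_host_keys "$f" faiserver,192.0.2.10 "$d/k.pub" &&
    pin_host_keys "$f" faiserver,192.0.2.10 "$d/k.pub" &&
    cat "$f"
    rc=$?; rm -rf "$d"; return $rc
}
```

The name given must be the one the install client passes to ssh when it contacts the FAI server, which is why the message says not to use 'localhost'.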

