fai-setup: ECDSA-key missing in known_hosts

Christian Meyer c2h5oh at web.de
Fri Oct 22 23:21:07 CEST 2021


Hello there,

I'm using Debian Bullseye and FAI 5.10.3 and for some reason my
installed systems do have an ECDSA host key
(/etc/ssh/ssh_host_ecdsa_key.pub).

Doing a 'fai softupdate' (task_savelog) I run into the problem:
"The authenticity of host 'fai-server (192.168.178.11)' can't be
established.
ECDSA key fingerprint is SHA256:xxxxxxyyyyyyzzzzzz.
Are you sure you want to continue connecting (yes/no/[fingerprint])?"

Obviously the fingerprint is missing in my setup (I use to fcopy the
known_hosts to my clients) and for that reason I just take my server's
/var/log/fai/remote-logs/.ssh/known_hosts and copy it to
/srv/fai/config/files/root/.ssh/known_hosts/CLIENT on my server.

This file is created by /usr/sbin/fai-setup and I found that the rsa-
key and the ed25519-key are recognised and handled well (except some
obfuscation), but the ecdsa-key still is missing.

Of course I could modify the file on my own, but since fai-setup does
the job anyway it is convenient for me to just take it.

My question is:
Is this the intended behaviour for fai-setup and I am on a wrong way
with ecdsa or with copying known_hosts or is ecdsa simply forgotten in
fai-setup and should be added?

Thanks a lot
Christian
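
One way to check which host key types a known_hosts file lacks for a host, as an added example that is not part of the original post and not FAI code. It assumes the "obfuscation" mentioned above is OpenSSH's hashed host-name format; the function names are hypothetical, the key blobs are constructed placeholders, and wildcard and [host]:port entries are not handled.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Build an OpenSSH hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (plain or hashed) names `host`."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def key_types_for(known_hosts_text, host):
    """Set of key types (ssh-rsa, ssh-ed25519, ...) recorded for `host`."""
    types = set()
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        if host_matches(parts[0], host):
            types.add(parts[1])
    return types

def missing_types(known_hosts_text, host, server_pubkeys):
    """Key types the server offers (its ssh_host_*_key.pub contents) that
    have no known_hosts entry for `host`."""
    offered = {pk.split()[0] for pk in server_pubkeys if pk.strip()}
    return offered - key_types_for(known_hosts_text, host)

# Constructed sample data: key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    hash_host("fai-server", b"constructed-salt-0001") + " ssh-rsa AAAA_CONSTRUCTED_RSA",
    "fai-server,192.168.178.11 ssh-ed25519 AAAA_CONSTRUCTED_ED25519",
])
SAMPLE_SERVER_PUBKEYS = [
    "ssh-rsa AAAA_CONSTRUCTED_RSA root@fai-server",
    "ecdsa-sha2-nistp256 AAAA_CONSTRUCTED_ECDSA root@fai-server",
    "ssh-ed25519 AAAA_CONSTRUCTED_ED25519 root@fai-server",
]

if __name__ == "__main__":
    print(sorted(missing_types(SAMPLE_KNOWN_HOSTS, "fai-server", SAMPLE_SERVER_PUBKEYS)))
```

Run against the real file with its text read from the known_hosts copy and the contents of the server's /etc/ssh/ssh_host_*_key.pub files.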


