
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>Import existing ssh keys &mdash; Bcfg2 1.3.0 documentation</title>
    
    <link rel="stylesheet" href="../../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../../',
        VERSION:     '1.3.0',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../_static/doctools.js"></script>
    <script type="text/javascript" src="../../_static/sidebar.js"></script>
    <link rel="shortcut icon" href="../../_static/favicon.ico"/>
    <link rel="top" title="Bcfg2 1.3.0 documentation" href="../../index.html" />
    <link rel="up" title="Guides" href="../guides.html" />
    <link rel="next" title="NAT HOWTO" href="nat_howto.html" />
    <link rel="prev" title="Gentoo" href="gentoo.html" />
 
<link rel="stylesheet" href="../../_static/bcfg2.css" type=""/>

  </head>
  <body>

<div style="text-align: left; padding: 10px 10px 15px 15px">
<a href="../../index.html"><img src="../../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a>
</div>

    <div class="related">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="../../genindex.html" title="General Index"
             accesskey="I">index</a></li>
        <li class="right" >
          <a href="../../py-modindex.html" title="Python Module Index"
             >modules</a> |</li>
        <li class="right" >
          <a href="nat_howto.html" title="NAT HOWTO"
             accesskey="N">next</a> |</li>
        <li class="right" >
          <a href="gentoo.html" title="Gentoo"
             accesskey="P">previous</a> |</li>
	<li><a href="../../index.html">home</a> |&nbsp;</li>
	<!--<li><a href="../../search.html">search</a> |&nbsp;</li>-->
	<li><a href="../../help/index.html">help</a> |&nbsp;</li>
	<li><a href="../../contents.html">documentation </a> &raquo;</li>

          <li><a href="../../contents.html" >Bcfg2 documentation 1.3.0</a> &raquo;</li>
          <li><a href="../index.html" >Appendix</a> &raquo;</li>
          <li><a href="../guides.html" accesskey="U">Guides</a> &raquo;</li> 
      </ul>
    </div>
  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body">
            
  <div class="section" id="import-existing-ssh-keys">
<span id="appendix-guides-import-existing-ssh-keys"></span><h1>Import existing ssh keys<a class="headerlink" href="#import-existing-ssh-keys" title="Permalink to this headline">¶</a></h1>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">For the instructions in this guide to work, you first need
to set up the <a class="reference internal" href="../../reports/dynamic.html#reports-dynamic"><em>reporting system</em></a> so that
the server has the information needed to create the existing
entries.</p>
</div>
<p>This guide details the process for importing existing ssh keys into your
server repository.</p>
<div class="section" id="add-a-bundle-for-ssh">
<h2>Add a bundle for ssh<a class="headerlink" href="#add-a-bundle-for-ssh" title="Permalink to this headline">¶</a></h2>
<p>After verifying that SSHbase is listed on the plugins line in
<tt class="docutils literal"><span class="pre">/etc/bcfg2.conf</span></tt>, you need to create a bundle containing the
appropriate entries:</p>
<div class="highlight-python"><pre>cat &gt; /tmp/ssh.xml &lt;&lt; EOF
&lt;Bundle name='ssh'&gt;
  &lt;Path name='/etc/ssh/ssh_host_dsa_key'/&gt;
  &lt;Path name='/etc/ssh/ssh_host_rsa_key'/&gt;
  &lt;Path name='/etc/ssh/ssh_host_dsa_key.pub'/&gt;
  &lt;Path name='/etc/ssh/ssh_host_rsa_key.pub'/&gt;
  &lt;Path name='/etc/ssh/ssh_host_key'/&gt;
  &lt;Path name='/etc/ssh/ssh_host_key.pub'/&gt;
  &lt;Path name='/etc/ssh/ssh_known_hosts'/&gt;
&lt;/Bundle&gt;
EOF</pre>
</div>
<div class="highlight-python"><div class="highlight"><pre><span class="n">mv</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">ssh</span><span class="o">.</span><span class="n">xml</span> <span class="o">/</span><span class="n">var</span><span class="o">/</span><span class="n">lib</span><span class="o">/</span><span class="n">bcfg2</span><span class="o">/</span><span class="n">Bundle</span>
</pre></div>
</div>
<p>Next, you need to add the ssh bundle to the client&#8217;s metadata in
groups.xml.</p>
</div>
<div class="section" id="validate-your-repository">
<h2>Validate your repository<a class="headerlink" href="#validate-your-repository" title="Permalink to this headline">¶</a></h2>
<p>Validation can be performed using the following command:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">bcfg2</span><span class="o">-</span><span class="n">lint</span>
</pre></div>
</div>
</div>
<div class="section" id="run-the-bcfg2-client">
<h2>Run the bcfg2 client<a class="headerlink" href="#run-the-bcfg2-client" title="Permalink to this headline">¶</a></h2>
<div class="highlight-python"><div class="highlight"><pre><span class="n">bcfg2</span> <span class="o">-</span><span class="n">vqn</span>
</pre></div>
</div>
<p>You will see the incorrect entries for the ssh files:</p>
<div class="highlight-python"><pre>Phase: initial
Correct entries:        0
Incorrect entries:      7
Total managed entries:  7
Unmanaged entries:      649

In dryrun mode: suppressing entry installation for:
 Path:/etc/ssh/ssh_host_dsa_key      Path:/etc/ssh/ssh_host_rsa_key
 Path:/etc/ssh/ssh_host_dsa_key.pub  Path:/etc/ssh/ssh_host_rsa_key.pub
 Path:/etc/ssh/ssh_host_key          Path:/etc/ssh/ssh_known_hosts
 Path:/etc/ssh/ssh_host_key.pub

Phase: final
Correct entries:        0
Incorrect entries:      7
 Path:/etc/ssh/ssh_host_dsa_key      Path:/etc/ssh/ssh_host_rsa_key
 Path:/etc/ssh/ssh_host_dsa_key.pub  Path:/etc/ssh/ssh_host_rsa_key.pub
 Path:/etc/ssh/ssh_host_key          Path:/etc/ssh/ssh_known_hosts
 Path:/etc/ssh/ssh_host_key.pub
Total managed entries:  7
Unmanaged entries:      649</pre>
</div>
</div>
<div class="section" id="install-the-client-s-ssh-keys-into-the-bcfg2-repository">
<h2>Install the client&#8217;s ssh keys into the Bcfg2 repository<a class="headerlink" href="#install-the-client-s-ssh-keys-into-the-bcfg2-repository" title="Permalink to this headline">¶</a></h2>
<p>Now, we pull the ssh host key data for the client out of the uploaded
stats and insert it as host-specific copies of these files in
<tt class="docutils literal"><span class="pre">/var/lib/bcfg2/SSHbase</span></tt>:</p>
<div class="highlight-python"><pre>for key in ssh_host_rsa_key ssh_host_dsa_key ssh_host_key; do
    sudo bcfg2-admin pull &lt;clientname&gt; Path /etc/ssh/$key
    sudo bcfg2-admin pull &lt;clientname&gt; Path /etc/ssh/$key.pub
done</pre>
</div>
<p>This for loop pulls data that was collected by the bcfg2 client out of
the statistics file and installs it into the repository. This means that
the client will keep the same ssh keys and the bcfg2 server can start
generating a correct ssh_known_hosts file for the client.</p>
</div>
<div class="section" id="run-the-bcfg2-client-again">
<h2>Run the bcfg2 client (again)<a class="headerlink" href="#run-the-bcfg2-client-again" title="Permalink to this headline">¶</a></h2>
<div class="highlight-python"><div class="highlight"><pre><span class="n">bcfg2</span> <span class="o">-</span><span class="n">vqn</span>
</pre></div>
</div>
<p>This time, we will see only one incorrect entry:</p>
<div class="highlight-python"><pre>Phase: initial
Correct entries:        6
Incorrect entries:      1
Total managed entries:  7
Unmanaged entries:      649

In dryrun mode: suppressing entry installation for:
 Path:/etc/ssh/ssh_known_hosts

Phase: final
Correct entries:        6
Incorrect entries:      1
 Path:/etc/ssh/ssh_known_hosts
Total managed entries:  7
Unmanaged entries:      649</pre>
</div>
<p>Now, the only wrong entry is the ssh_known_hosts file, so go ahead
and install it:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">bcfg2</span> <span class="o">-</span><span class="n">vqI</span>
</pre></div>
</div>
<p>After answering &#8216;y&#8217; to the interactive prompt, the client will install
the known_hosts file successfully.</p>
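<p>The check before the final install step, as an added example that is not part of the Bcfg2 documentation: it parses the dry-run output shown above and confirms that ssh_known_hosts is the only incorrect entry left, and it lists imported private host keys in the repository that are group- or world-readable. The function names are hypothetical, the sample is copied from this guide, and treating every <tt>ssh_host_*</tt> file without <tt>.pub</tt> in its name as a private key is an assumption.</p>

```shell
#!/bin/sh
# Added example, not from the Bcfg2 documentation.
# Constructed sample: the second dry-run output shown in this guide.
SAMPLE_DRYRUN='Phase: initial
Correct entries:        6
Incorrect entries:      1
Total managed entries:  7
Unmanaged entries:      649

In dryrun mode: suppressing entry installation for:
 Path:/etc/ssh/ssh_known_hosts

Phase: final
Correct entries:        6
Incorrect entries:      1
 Path:/etc/ssh/ssh_known_hosts
Total managed entries:  7
Unmanaged entries:      649'

# Read dry-run output on stdin and print, one per line, the entries listed
# as incorrect under "Phase: final" (the output packs two per line).
final_incorrect() {
    awk '
        /^Phase: final/                { final = 1; next }
        final && /^Incorrect entries:/ { listing = 1; next }
        listing && /^[^ ]/             { listing = 0 }  # unindented line ends the list
        listing { for (i = 1; i <= NF; i++) if ($i ~ /^Path:/) print $i }
    ' | sort
}

# Succeed only if ssh_known_hosts is the single remaining incorrect entry.
only_known_hosts_left() {
    [ "$(final_incorrect)" = "Path:/etc/ssh/ssh_known_hosts" ]
}

# List private host-key copies under directory $1 that are group- or
# world-readable. Assumption: files named ssh_host_* without ".pub" in the
# name are private keys.
readable_private_keys() {
    find "$1" -type f -name 'ssh_host_*' ! -name '*.pub*' \
        \( -perm -040 -o -perm -004 \) | sort
}

if printf '%s\n' "$SAMPLE_DRYRUN" | only_known_hosts_left; then
    echo "only ssh_known_hosts is incorrect: safe to run bcfg2 -vqI"
fi
```

<p>On a real client, pipe the dry run into the gate (<tt>bcfg2 -vqn 2&gt;&amp;1 | only_known_hosts_left</tt>), and on the server run <tt>readable_private_keys /var/lib/bcfg2/SSHbase</tt>.</p>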
</div>
</div>


          </div>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="footer">
        &copy; Copyright 2009-2013, Narayan Desai.
      Last updated on Mar 20, 2013.
      Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
    </div>
  </body>
</html>