<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Import existing ssh keys — Bcfg2 1.3.0 documentation</title>
<link rel="stylesheet" href="../../_static/default.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../../', VERSION: '1.3.0', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
<script type="text/javascript" src="../../_static/sidebar.js"></script>
<link rel="shortcut icon" href="../../_static/favicon.ico"/>
<link rel="top" title="Bcfg2 1.3.0 documentation" href="../../index.html" />
<link rel="up" title="Guides" href="../guides.html" />
<link rel="next" title="NAT HOWTO" href="nat_howto.html" />
<link rel="prev" title="Gentoo" href="gentoo.html" />
<link rel="stylesheet" href="../../_static/bcfg2.css" type=""/>
</head>
<body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="import-existing-ssh-keys">
<span id="appendix-guides-import-existing-ssh-keys"></span><h1>Import existing ssh keys</h1>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">In order for the instructions in this guide to work, you will first need to set up the <a class="reference internal" href="../../reports/dynamic.html#reports-dynamic"><em>reporting system</em></a> so that the server has the information needed to create the existing entries.</p>
</div>
<p>This guide details the process for importing existing ssh keys into your server repository.</p>
<div class="section" id="add-a-bundle-for-ssh">
<h2>Add a bundle for ssh</h2>
<p>After verifying that SSHbase is listed on the plugins line in <tt class="docutils literal"><span class="pre">/etc/bcfg2.conf</span></tt>, you need to create a bundle containing the appropriate entries:</p>
<div class="highlight-python"><pre>cat &gt; /tmp/ssh.xml &lt;&lt; EOF
&lt;Bundle name='ssh'&gt;
    &lt;Path name='/etc/ssh/ssh_host_dsa_key'/&gt;
    &lt;Path name='/etc/ssh/ssh_host_rsa_key'/&gt;
    &lt;Path name='/etc/ssh/ssh_host_dsa_key.pub'/&gt;
    &lt;Path name='/etc/ssh/ssh_host_rsa_key.pub'/&gt;
    &lt;Path name='/etc/ssh/ssh_host_key'/&gt;
    &lt;Path name='/etc/ssh/ssh_host_key.pub'/&gt;
    &lt;Path name='/etc/ssh/ssh_known_hosts'/&gt;
&lt;/Bundle&gt;
EOF</pre>
</div>
<div class="highlight-python"><div 
class="highlight"><pre><span class="n">mv</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">ssh</span><span class="o">.</span><span class="n">xml</span> <span class="o">/</span><span class="n">var</span><span class="o">/</span><span class="n">lib</span><span class="o">/</span><span class="n">bcfg2</span><span class="o">/</span><span class="n">Bundle</span>
</pre></div>
</div>
<p>Next, you need to add the ssh bundle to the client’s metadata in groups.xml.</p>
</div>
<div class="section" id="validate-your-repository">
<h2>Validate your repository</h2>
<p>Validation can be performed using the following command:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">bcfg2</span><span class="o">-</span><span class="n">lint</span>
</pre></div>
</div>
</div>
<div class="section" id="run-the-bcfg2-client">
<h2>Run the bcfg2 client</h2>
<div class="highlight-python"><div class="highlight"><pre><span class="n">bcfg2</span> <span class="o">-</span><span class="n">vqn</span>
</pre></div>
</div>
<p>You will see the incorrect entries for the ssh files:</p>
<div class="highlight-python"><pre>Phase: initial
Correct entries: 0
Incorrect entries: 7
Total managed entries: 7
Unmanaged entries: 649

In dryrun mode: suppressing entry installation for:
 Path:/etc/ssh/ssh_host_dsa_key
 Path:/etc/ssh/ssh_host_rsa_key
 Path:/etc/ssh/ssh_host_dsa_key.pub
 Path:/etc/ssh/ssh_host_rsa_key.pub
 Path:/etc/ssh/ssh_host_key
 Path:/etc/ssh/ssh_known_hosts
 Path:/etc/ssh/ssh_host_key.pub

Phase: final
Correct entries: 0
Incorrect entries: 7
 Path:/etc/ssh/ssh_host_dsa_key
 Path:/etc/ssh/ssh_host_rsa_key
 Path:/etc/ssh/ssh_host_dsa_key.pub
 Path:/etc/ssh/ssh_host_rsa_key.pub
 Path:/etc/ssh/ssh_host_key
 Path:/etc/ssh/ssh_known_hosts
 Path:/etc/ssh/ssh_host_key.pub
Total managed entries: 7
Unmanaged entries: 649</pre>
</div>
</div>
<div class="section" id="install-the-client-s-ssh-keys-into-the-bcfg2-repository">
<h2>Install the client’s ssh keys into the Bcfg2 repository</h2>
<p>Now, we pull the ssh host key data for the client out of the uploaded stats and insert it as host-specific copies of these files in <tt class="docutils literal"><span class="pre">/var/lib/bcfg2/SSHBase</span></tt>:</p>
<div class="highlight-python"><pre>for key in ssh_host_rsa_key ssh_host_dsa_key ssh_host_key; do
    sudo bcfg2-admin pull &lt;clientname&gt; Path /etc/ssh/$key
    sudo bcfg2-admin pull &lt;clientname&gt; Path /etc/ssh/$key.pub
done</pre>
</div>
<p>This for loop pulls data that was collected by the bcfg2 client out of the statistics file and installs it into the repository. This means that the client will keep the same ssh keys and the bcfg2 server can start generating a correct ssh_known_hosts file for the client.</p>
</div>
<div class="section" id="run-the-bcfg2-client-again">
<h2>Run the bcfg2 client (again)</h2>
<div class="highlight-python"><div class="highlight"><pre><span class="n">bcfg2</span> <span class="o">-</span><span class="n">vqn</span>
</pre></div>
</div>
<p>This time, we will only see 1 incorrect entry:</p>
<div class="highlight-python"><pre>Phase: initial
Correct entries: 6
Incorrect entries: 1
Total managed entries: 7
Unmanaged entries: 649

In dryrun mode: suppressing entry installation for:
 Path:/etc/ssh/ssh_known_hosts

Phase: final
Correct entries: 6
Incorrect entries: 1
 Path:/etc/ssh/ssh_known_hosts
Total managed entries: 7
Unmanaged entries: 649</pre>
</div>
<p>Now, the only wrong entry is the ssh_known_hosts file, so go ahead and install it:</p>
<div class="highlight-python"><div class="highlight"><pre><span 
class="n">bcfg2</span> <span class="o">-</span><span class="n">vqI</span>
</pre></div>
</div>
<p>After answering ‘y’ to the interactive prompt, the client will install the known_hosts file successfully.</p>
</div>
</div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="footer"> © Copyright 2009-2013, Narayan Desai. Last updated on Mar 20, 2013. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div>
</body>
</html>