• Bug#265973: fai-setup: ssh fails with interactive question, wrong known

    From Daniel Parthey@1:229/2 to All on Mon Aug 16 04:00:08 2004
    From: [email protected]

    Package: fai
    Version: 2.6.1
    Severity: normal

    The ssh connections from my install-client to the fai-server fail
    with interaction, because a known_hosts line is missing.

    Output of FAI on the console of my install client:

    Calling task_chboot
    The authenticity of host 'faiserver' (192.168.1.99)' can't be established.
    RSA key fingerprint is 16:5d:cb:ff:15:62:02:6e:09:df:13:58:6b:fc:67:67.
    Are you sure you want to continue connecting (yes/no)? _


    The reason is that the wrong server hostname is written to
    /usr/lib/fai/nfsroot/root/.ssh/known_hosts
    by the /usr/sbin/fai-setup script (line 97 ff.):

    HOSTNAME=`grep $SERVERIP /etc/hosts | perl .........`
    echo "Adding $HOSTNAME to known_hosts."
    ...


    Possible solution:

    The clients need to know the name of $LOGSERVER and $SERVER in their
    ~root/.ssh/known_hosts in order to prevent undesirable interaction with
    ssh.

    Use $SERVER and $LOGSERVER to create all necessary known_hosts lines
    during fai-setup.

    In fai.conf I have defined SERVER=faiserver which is a CNAME to "james"
    and finally resolves to the local IP 192.168.1.99 from our LAN.

    The fai server has two interfaces (eth0 Ethernet and ippp0 ISDN).
    My configuration of /etc/hosts contains an external alias which
    should be the primary hostname shown in headers of outgoing email,
    therefore the external hostname "externaldomain" is at the first
    position. The LAN alias "james" of the faiserver comes at second position.

    --- File james:/etc/hosts BEGIN ---

    # local machine
    127.0.0.1 localhost

    # The faiserver and logserver
    # hostname seen from outside (primary): externaldomain
    # hostname seen from inside (alias) : james
    192.168.1.99 externaldomain.dyndns.org james

    --- File james:/etc/hosts END ---

    Hostname "externaldomain.dyndns.org" resolves to the IP address of the
    external dialup interface, and "james.localdomain" to server IP 192.168.1.99.

    The contents of root's known_hosts on install-client jacko.localdomain
    are (the same as in $NFSROOT/root/.ssh/known_hosts):

    root@jacko:/# cat /root/.ssh/known_hosts
    externaldomain,192.168.1.99 ssh-dss ...PUBKEY...

    If this known_hosts file contains the following line, it works:

    root@jacko:/# cat /root/.ssh/known_hosts
    faiserver,192.168.1.99 ssh-dss ...PUBKEY...

    Thanks,
    Daniel.

    PS: The host externaldomain.dyndns.org does not exist.
    I've substituted the true dyndns hostname with
    "externaldomain.dyndns.org" in order to keep privacy.
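
An added example, not part of the original report and not fai-setup's own code: one way to build the known_hosts line from the names the clients actually connect to ($SERVER, $LOGSERVER and the server IP) instead of the first name found in /etc/hosts, plus a check that a given name is covered. The function names are hypothetical; the key file, the placeholder key and LOGSERVER=faiserver are assumptions.

```shell
#!/bin/sh
# Added example, not fai-setup's code. Function names are hypothetical.

# make_known_hosts_line PUBKEY_FILE NAME...
# Prints "name1,name2,... keytype key", skipping empty and duplicate names.
make_known_hosts_line() {
    pubkey_file=$1; shift
    names= keytype= keydata=
    for n in "$@"; do
        [ -n "$n" ] || continue
        case ",$names," in
            *",$n,"*) ;;                        # already listed
            *) names=${names:+$names,}$n ;;
        esac
    done
    # A host public key file holds "keytype base64key [comment]".
    read -r keytype keydata _ < "$pubkey_file" || [ -n "$keydata" ] || return 1
    [ -n "$names" ] && [ -n "$keydata" ] || return 1
    printf '%s %s %s\n' "$names" "$keytype" "$keydata"
}

# host_listed KNOWN_HOSTS_FILE NAME
# Succeeds if NAME is a literal name in the host field (unhashed entries only).
host_listed() {
    while read -r hosts _ || [ -n "$hosts" ]; do
        case ",$hosts," in *",$2,"*) return 0 ;; esac
    done < "$1"
    return 1
}

# Constructed sample input: placeholder key; LOGSERVER value is assumed.
tmp=$(mktemp -d)
echo 'ssh-dss AAAAB3PLACEHOLDERKEY root@james' > "$tmp/host_key.pub"
SERVER=faiserver LOGSERVER=faiserver SERVERIP=192.168.1.99

make_known_hosts_line "$tmp/host_key.pub" \
    "$SERVER" "$LOGSERVER" "$SERVERIP" > "$tmp/known_hosts"
cat "$tmp/known_hosts"

for name in "$SERVER" externaldomain; do
    if host_listed "$tmp/known_hosts" "$name"; then
        echo "$name: listed, no prompt"
    else
        echo "$name: missing, ssh would ask to confirm the key"
    fi
done
rm -rf "$tmp"
```

On a real system, `ssh-keygen -F faiserver -f known_hosts` performs the same lookup and also handles hashed entries.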