[CentOS-virt] server host keys for kvm clones
Ed Heron
Ed at Heron-ent.com
Wed Jan 4 15:14:28 EST 2012
On Wed, 2012-01-04 at 20:31 +0100, Thomas Göttgens wrote:
> Hi James,
>
> depending on your use case:
>
> if your source is a template VM: just delete the keys prior to cloning
> in the source VM
>
> if your source is a production VM: just delete the keys after cloning
> on the newly cloned VM
>
> The keys will be regenerated on next startup of openssh if they're
> missing.
>
> On Wednesday, 4 January 2012 at 20:08, you wrote:
>
> > Respecting cloning vm guests, I see in /etc/ssh the
> > following:
>
> > ssh_host_dsa_key
> > ssh_host_dsa_key.pub
> > ssh_host_key
> > ssh_host_key.pub
> > ssh_host_rsa_key
> > ssh_host_rsa_key.pub
>
> > Is there a simple script somewhere to regenerate all the
> > server host keys for the new guest after cloning?
>
Is there a process for pre-generating keys so these keys
and .ssh/known_hosts can be pre-filled for all users/hosts?

I dislike upgrading servers. I use kickstart from updated sources
with integrated configuration files on a new virtual disk to produce an
upgraded server without touching the live server. This gives me the
chance to test the new server prior to making it live and verifies I can
reproduce a failed server at need. Also, this allows me to restage
firewalls automatically on a schedule. Let's see a rootkit survive a
clean install.

Currently, I'm allowing the keys to be regenerated, but it gets
annoying editing my known hosts to remove old entries.

There's got to be a better way.
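
One way to do the pre-generation asked about above, as an added example that is not part of the original thread: host keys are created once per guest in a staging directory and a matching known_hosts file is built from the public halves, so a rebuilt guest keeps the identity clients already trust. The staging layout, the function names and the choice of RSA only are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). STAGE_DIR and all function names are
# hypothetical. The staging directory holds private host keys, so keep it
# on the build host with restrictive permissions.
STAGE_DIR="${STAGE_DIR:-./hostkeys}"

# pregen_host_keys HOSTNAME
# Creates $STAGE_DIR/HOSTNAME/ssh_host_rsa_key{,.pub} only if missing, so a
# later rebuild of the same guest reuses the existing key pair.
pregen_host_keys() {
    host="$1"
    dir="$STAGE_DIR/$host"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    key="$dir/ssh_host_rsa_key"
    if [ ! -f "$key" ]; then
        ssh-keygen -q -t rsa -b 3072 -N '' -C "root@$host" -f "$key" || return 1
    fi
}

# known_hosts_line HOSTNAME [ALIAS_OR_IP...]
# Prints one known_hosts entry: "name1,name2 keytype base64key".
known_hosts_line() {
    host="$1"; shift
    names="$host"
    for a in "$@"; do names="$names,$a"; done
    # A .pub file is "keytype base64 comment"; the comment is dropped.
    awk -v n="$names" '{ print n, $1, $2 }' \
        "$STAGE_DIR/$host/ssh_host_rsa_key.pub"
}

# build_known_hosts OUTFILE HOST...
# Ensures every host has staged keys, then writes one entry per host.
build_known_hosts() {
    out="$1"; shift
    : > "$out" || return 1
    for h in "$@"; do
        pregen_host_keys "$h" || return 1
        known_hosts_line "$h" >> "$out" || return 1
    done
    chmod 644 "$out"
}

# Stand-alone use: script.sh OUTFILE HOST [HOST...]
if [ "$#" -ge 2 ]; then
    build_known_hosts "$@"
fi
```

The staged key pair would be copied into /etc/ssh on the new guest during installation (for example from a kickstart %post section, which is an assumption here), and the generated file can be installed as /etc/ssh/ssh_known_hosts so every user on a client picks it up.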