1.6 cluster creation problem

J

jinjer

Renowned Member
Oct 4, 2010
204
7
83
There's a bug in the default installation of proxmox 1.5 and 1.6 related to cluster creation and key exchange.

by default, debian uses %h/.ssh/authorized_keys2 as the authorized keys file, while proxmox adds the keys to the authorized_keys (no 2) file.

This prevents adding a slave to a master

A change of the /etc/ssh/sshd_config or (preferred) an ln -s authorized_keys authorized_keys2 fixes it.

jinjer
 
Not here. A standard install creates "authorized_keys". no issue.

How did you install your Proxmox VE systems?
 
I installed proxmox using the proxmox iso bare installer. there's no way it can work as sshd_config clearly specifies authorized_keys2 as the key file, while proxmox only writes to authorized_keys.

I'm mix/matching 1.5 and 1.6, but I don't think that part has changed between 1.5 and 1.6.

I think I remember that sshd had an automatic fall-back for authorized_keys (perhaps when _keys2 is not available).

Since the first thing I do on a new install is to upload my key to authorized_keys2 I might have broken this default behaviour (just speculation... but possible).

Currenly my /root/.ssh key structure looks like this:
Code: 
-rw------- 1 root root 1059 Oct  7 12:36 authorized_keys
lrwxrwxrwx 1 root root   15 Oct  7 12:34 authorized_keys2 -> authorized_keys
However, the default sshd_config file of proxmox looks like this:
Code: 
AuthorizedKeysFile	%h/.ssh/authorized_keys2
and this is how all debian installations look, so it make sense to change proxmox to write to that _keys2 file instead of the old ssh1 _keys files.

jinjer
PS: Sorry if I sound a little rude sometimes. I appreciate proxmox a lot (I wish I had discovered it much earlier... before writing my own stuff). I'm just trying to help by exposing issues I see while using/testing so that proxmox can become a better system.
 
dietmar said:
Sorry, my sshd_config looks like:

Code: 
#AuthorizedKeysFile     %h/.ssh/authorized_keys
Click to expand...

I should have checked better before posting. Your're right. all my boxes have this authorized_keys commented out the same way yours do. nevertheless I'm using authorized_keys2 on every box since years and it works as expected (a feature dating back to the introduction of the ver2 protocol).

So, my proxmox master (1.5) is the only box with that setting uncommented and explicitly pointing to authorized_keys2. I must have done this change at some point but I don't remember. There could be a single reason for this, and that is that authorized_keys is present in the default proxmox installation and I didn't notice.... ouch should stop working at night.

Ok, guess it was my fault to start with... sorry.

jinjer
 
You must log in or register to reply here.
Top Bottom