noVNC problem after SSH key creation

Shadow Sysop

Member
Mar 7, 2021
I believe I may have inadvertently broken something related to noVNC inside my Proxmox. Today, I created SSH keys for all 3 nodes, generating keypairs. I have a feeling this broke something, as I overwrote the file ~/.ssh/id_*.pub when generating the keypairs (were there Proxmox keys in there?). Now, Server 1 can only access noVNC of VMs on its own node. If I'm logged into Server 1 and try to view noVNC of a VM on Server 2 or Server 3, it fails. If I log in on Server 2, I can then access noVNC on all the VMs only on Server 2. ProxCP seems to be able to access noVNC on VMs on all servers, so it seems restricted to my Proxmox. Is there a way I can fix this? Maybe I can restore the keys I overwrote? Any suggestions are greatly appreciated.
 
Hi,

yes, currently the root SSH keypair is also used for some Proxmox VE functionality (albeit we're moving more and more to the API), one of those is tunnelling the noVNC console of a guest on another node than one is connected to.

Is there a way I can fix this? Maybe I can restore the keys I overwrote? Any suggestions are greatly appreciated.
You do not need to restore the key, but you need to add the new one to the authorized_keys file, which is best done using the pvecm updatecerts command.

Running that command on every node should be enough, at least as long as you did not delete/override the authorized_keys link into the PVE clustered configuration file system:
Bash:
realpath .ssh/authorized_keys
/etc/pve/priv/authorized_keys
 
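The two conditions named in the reply above (the authorized_keys link into /etc/pve/priv and the presence of the node's new public key in that file) can be checked read-only before and after running pvecm updatecerts. This is an added example, not part of the thread and not Proxmox code; the function names are hypothetical and it assumes it is run as root, so that $HOME is root's home directory.

```shell
#!/bin/sh
# Added example (not Proxmox code): read-only audit of root's SSH trust on one node.
# Function names are hypothetical; paths are the ones quoted in the thread.

# check_authkeys_link HOME_DIR CLUSTER_FILE
# Succeeds only if HOME_DIR/.ssh/authorized_keys resolves to CLUSTER_FILE.
check_authkeys_link() {
    cal_resolved=$(realpath "$1/.ssh/authorized_keys" 2>/dev/null) || return 2
    [ "$cal_resolved" = "$(realpath "$2" 2>/dev/null)" ]
}

# key_is_authorized PUBKEY_FILE AUTHORIZED_KEYS
# Matches on key type + base64 blob, so comments and option prefixes are ignored.
key_is_authorized() {
    kia_want=$(awk 'NF >= 2 { print $1, $2; exit }' "$1" 2>/dev/null) || return 2
    [ -n "$kia_want" ] || return 2
    awk -v want="$kia_want" '
        /^[[:space:]]*#/ { next }
        { for (i = 1; i < NF; i++) if (($i " " $(i + 1)) == want) found = 1 }
        END { exit (found ? 0 : 1) }' "$2"
}

# audit_node HOME_DIR CLUSTER_FILE
# Prints one line per finding; returns 1 if anything needs fixing.
audit_node() {
    an_rc=0
    if ! check_authkeys_link "$1" "$2"; then
        echo "FAIL: $1/.ssh/authorized_keys does not resolve to $2"
        an_rc=1
    fi
    for an_pub in "$1"/.ssh/id_*.pub; do
        [ -e "$an_pub" ] || continue
        if key_is_authorized "$an_pub" "$2"; then
            echo "ok:   $an_pub is listed in $2"
        else
            echo "FAIL: $an_pub is missing from $2"
            an_rc=1
        fi
    done
    return "$an_rc"
}

# Run only on a node where the clustered file exists (as root).
if [ -e /etc/pve/priv/authorized_keys ]; then
    audit_node "$HOME" /etc/pve/priv/authorized_keys
fi
```

Running it on every node shows which node still has an unlisted key or a replaced link, which is the per-node difference described later in the thread.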
I did as you instructed and ran "pvecm updatecerts" on all nodes, but the problem persists. Would using terminal commands to generate a keypair overwrite the "authorized keys" link? I did add the new key to the /etc/pve/priv/authorized_keys file, so the keys work to log in via SSH, but maybe I broke that link you spoke of? Is there a way to manually recreate/restore the key?

Update:

Upon further examination, it seems the "pvecm updatecerts" command worked for Server 2 and Server 3, but Server 1 can still only access noVNC on Server 1, while 2 and 3 can access everything. Why didn't Server 1 get fixed too?

Further Update:

After trying again, I noticed the pvecm updatecerts command was failing because the file was already there. After removing the file and running pvecm updatecerts again, all is restored. Thank you for your help in this matter.
 
