pvecm add Fingerprint not verified, abort!

T

Tinyblargon

Active Member
Jun 28, 2018
4
0
41
29
hello i was wondering if someone has a solution to my problem.
i've been trying to resolve it myself but after a week of searching and testing i've hit rock bottom.

i've tried it within vmware (NAT or bridged gave same results) and with physical servers. but every time i i tell proxmox to add to a cluster it just tells me
Code: 
Fingerprint not verified, abort!

Node 1
Code: 
#pvecm create cluster1
Corosync Cluster Engine Authentication key generator.
Gathering 1024 bits for key from /dev/urandom.
Writing corosync key to /etc/corosync/authkey.
Writing corosync config to /etc/pve/corosync.conf
Restart corosync and cluster filesystem

Node 2
Code: 
#pvecm add IP_Addres
Please enter superuser (root) password for 'IP_Addres':
                                                             Password for root@IP_Addres: ********
Etablishing API connection with host 'IP_Addres'
The authenticity of host 'IP_Addres' can't be established.
X509 SHA256 key fingerprint is **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**.
Are you sure you want to continue connecting (yes/no)? y
Fingerprint not verified, abort!
 
Alwin said:
Try 'yes' instead of 'y'.
Click to expand...
Hi Alwin,

wouldn't it make more sense, to first verify the fingerprint and then ask for the password?

I am also playing around with cluster set up and now am a bit "afraid" of e.g. "man in the middle" when first entering (maybe also sending?) my root password and then verify the host?

Or is there something i miss?

Thanks in advance and best regards
Simon
 
@proxmox team: maybe you can say a few words, if my concerns (above) are unnecessary?

Thank you in advance and have a good new year,
Simon
 
SimonB said:
I am also playing around with cluster set up and now am a bit "afraid" of e.g. "man in the middle" when first entering (maybe also sending?) my root password and then verify the host?
Click to expand...

From what I can see, it looks like the password is not actually sent before you acknowledge the fingerprint.
But you are right, it might still be better to confirm the fingerprint before even writing the password.

EDIT: I've opened a bug on https://bugzilla.proxmox.com/show_bug.cgi?id=2045 for this, thanks for the suggestion
 
Last edited:
You must log in or register to reply here.
Top Bottom