pvecm add Fingerprint not verified, abort!

T

Tinyblargon

Active Member
Jun 28, 2018
4
0
41
28
hello i was wondering if someone has a solution to my problem.
i've been trying to resolve it myself but after a week of searching and testing i've hit rock bottom.

i've tried it within vmware (NAT or bridged gave same results) and with physical servers. but every time i i tell proxmox to add to a cluster it just tells me
Code: 
Fingerprint not verified, abort!

Node 1
Code: 
#pvecm create cluster1
Corosync Cluster Engine Authentication key generator.
Gathering 1024 bits for key from /dev/urandom.
Writing corosync key to /etc/corosync/authkey.
Writing corosync config to /etc/pve/corosync.conf
Restart corosync and cluster filesystem

Node 2
Code: 
#pvecm add IP_Addres
Please enter superuser (root) password for 'IP_Addres':
                                                             Password for root@IP_Addres: ********
Etablishing API connection with host 'IP_Addres'
The authenticity of host 'IP_Addres' can't be established.
X509 SHA256 key fingerprint is **:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:**.
Are you sure you want to continue connecting (yes/no)? y
Fingerprint not verified, abort!
 
Alwin said:
Try 'yes' instead of 'y'.
Click to expand...
Hi Alwin,

wouldn't it make more sense, to first verify the fingerprint and then ask for the password?

I am also playing around with cluster set up and now am a bit "afraid" of e.g. "man in the middle" when first entering (maybe also sending?) my root password and then verify the host?

Or is there something i miss?

Thanks in advance and best regards
Simon
 
@proxmox team: maybe you can say a few words, if my concerns (above) are unnecessary?

Thank you in advance and have a good new year,
Simon
 
SimonB said:
I am also playing around with cluster set up and now am a bit "afraid" of e.g. "man in the middle" when first entering (maybe also sending?) my root password and then verify the host?
Click to expand...

From what I can see, it looks like the password is not actually sent before you acknowledge the fingerprint.
But you are right, it might still be better to confirm the fingerprint before even writing the password.

EDIT: I've opened a bug on https://bugzilla.proxmox.com/show_bug.cgi?id=2045 for this, thanks for the suggestion
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back