From 277e41829d0c2d73580974b21898a71194339a7a Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Tue, 10 Jul 2018 12:10:42 +0200 Subject: [PATCH] Let sshd use ecdsa and ed25519 host keys It seems that our nodepool is configured with the ecdsa and ed25519 host keys from the nodepool nodes, but not the rsa or dsa keys. This is a problem when we try to test our puppet SSH configuration in CI, because the puppet module removes the ability for the Zuul executor to reach the node and perform cleanup tasks after the tests have completed. This patch adds back the HostKey settings that the nodepool images started out with. This should not affect the puppetmaster's or a rooter's ability to log into production servers that are already using an rsa host key. Change-Id: I150b76a632398d0a6f00d5b98ad7277c62377601 --- templates/sshd_config.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb index 2ed0efe..12f8147 100644 --- a/templates/sshd_config.erb +++ b/templates/sshd_config.erb @@ -10,6 +10,8 @@ Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes
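Review bot: the two added HostKey lines under "# HostKeys for protocol version 2" in templates/sshd_config.erb are unconditional, so the template now assumes /etc/ssh/ssh_host_ecdsa_key and /etc/ssh/ssh_host_ed25519_key exist on every node this module manages, not only on nodepool images. Where one of those files is absent, sshd reports that it could not load the host key at startup and continues with the keys it does have, so the result is log noise, not an outage. It would still be cleaner to have the module ensure the keys exist, or to wrap the new lines in an ERB conditional driven by a parameter. The commit message says existing rsa logins are unaffected. That holds for clients that already have the rsa key in known_hosts, but a client with no cached entry may now negotiate ecdsa or ed25519 and pin that key instead, which is worth stating in the message or in a comment beside the new lines.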