[pve-devel] [PATCH RFC 01/21] add paths for SSH certificates
Dietmar Maurer
dietmar at proxmox.com
Mon Nov 28 08:08:53 CET 2016
We will use certificate-based auth in the future. This way we can
avoid the clumsy authorized_keys and known_hosts code.
Signed-off-by: Dietmar Maurer <dietmar at proxmox.com>
---
data/PVE/Cluster.pm | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index e24b7da..2210bfe 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -4,6 +4,7 @@ use strict;
use warnings;
use POSIX qw(EEXIST);
use File::stat qw();
+
use Socket;
use Storable qw(dclone);
use IO::File;
@@ -48,9 +49,13 @@ my $pveca_cert_fn = "$basedir/pve-root-ca.pem";
my $pvewww_key_fn = "$basedir/pve-www.key";
# ssh related files
+my $ssh_cluster_ca_priv = "$authdir/pve-ssh-ca";
+my $ssh_cluster_ca_cert = "$basedir/pve-ssh-ca.pub";
my $ssh_rsa_id_priv = "/root/.ssh/id_rsa";
my $ssh_rsa_id = "/root/.ssh/id_rsa.pub";
+my $ssh_rsa_cert = "/root/.ssh/id_rsa-cert.pub";
my $ssh_host_rsa_id = "/etc/ssh/ssh_host_rsa_key.pub";
+my $ssh_host_rsa_cert = "/etc/ssh/ssh_host_rsa_key-cert.pub";
my $sshglobalknownhosts = "/etc/ssh/ssh_known_hosts";
my $sshknownhosts = "/etc/pve/priv/known_hosts";
my $sshauthkeys = "/etc/pve/priv/authorized_keys";
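Review bot: `$ssh_cluster_ca_priv` will be the signing key for every host and user certificate in the cluster, but its declaration says nothing about who may read it or why it sits under `$authdir` while the public half sits under `$basedir`. Both directories are defined outside this hunk; if `$authdir` is the cluster-wide private directory, every node presumably holds a copy of the CA key, so compromising one node would let it issue certificates for any other node, and that trade-off deserves a mention in the series. I would add a comment above the declaration such as `# CA private key: signs all cluster host/user certificates; must stay root-only`. As a naming point, `pve-ssh-ca.pub` is an OpenSSH CA public key rather than a certificate, so `$ssh_cluster_ca_pub` would describe it more accurately than `$ssh_cluster_ca_cert`.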
--
2.1.4