Let sshd use ecdsa and ed25519 host keys

It seems that our nodepool is configured with the ecdsa and ed25519 host
keys from the nodepool nodes, but not the rsa or dsa keys. This is a
problem when we try to test our puppet SSH configuration in CI, because
the puppet module removes the ability for the Zuul executor to reach the
node and perform cleanup tasks after the tests have completed.

This patch adds back the HostKey settings that the nodepool images
started out with. This should not affect the puppetmaster's or a
rooter's ability to log into production servers that are already using
an rsa host key.

Change-Id: I150b76a632398d0a6f00d5b98ad7277c62377601
Colleen Murphy 2018-07-10 12:10:42 +02:00
parent 685291c29e
commit 277e41829d

@ -10,6 +10,8 @@ Protocol 2
# HostKeys for protocol version 2 # HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security #Privilege Separation is turned on for security
UsePrivilegeSeparation yes UsePrivilegeSeparation yes
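
Review bot: the two added lines, `HostKey /etc/ssh/ssh_host_ecdsa_key` and `HostKey /etc/ssh/ssh_host_ed25519_key`, are unconditional, and nothing in this hunk ensures those key files exist on every host that receives the template. The commit message notes that production servers already use an rsa host key, so on any host where only the rsa and dsa files were ever generated, sshd will report a load failure for each missing file at startup. Consider having the module generate any missing host keys (for example with `ssh-keygen -A`) before sshd is restarted, or guarding each HostKey line on the file being present. Separately, the unchanged context line `HostKey /etc/ssh/ssh_host_dsa_key` is still offered; since OpenSSH 7.0 disables ssh-dss by default, it may be worth dropping in a follow-up. A short comment above the new lines saying they are required for the Zuul executor to reach nodepool nodes would also help keep them from being removed again.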