From 5b8df374484bee0ef3eb30ac4eda9fa3cb0f325d Mon Sep 17 00:00:00 2001
From: miampf
Date: Thu, 3 Apr 2025 17:59:10 +0200
Subject: [PATCH] cli: write known_hosts file
---
 cli/internal/cmd/ssh.go | 5 ++++-
 docs/docs/workflows/troubleshooting.md | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/cli/internal/cmd/ssh.go b/cli/internal/cmd/ssh.go
index 33ebabfaa..44ba10906 100644
--- a/cli/internal/cmd/ssh.go
+++ b/cli/internal/cmd/ssh.go
@@ -74,7 +74,10 @@ func writeCertificateForKey(cmd *cobra.Command, keyPath string, fh file.Handler,
 return fmt.Errorf("generating SSH emergency CA key: %s", err)
 }
- debugLogger.Debug("SSH CA KEY generated", "public-key", string(ssh.MarshalAuthorizedKey(ca.PublicKey())))
+ marshalledKey := string(ssh.MarshalAuthorizedKey(ca.PublicKey()))
+ debugLogger.Debug("SSH CA KEY generated", "public-key", marshalledKey)
+ knownHostsContent := fmt.Sprintf("@cert-authority * %s", marshalledKey)
+ fh.Write("./known_hosts", []byte(knownHostsContent), file.OptMkdirAll)
 keyBuffer, err := fh.Read(keyPath)
 if err != nil {
diff --git a/docs/docs/workflows/troubleshooting.md b/docs/docs/workflows/troubleshooting.md
index 903c829e0..666dbbc33 100644
--- a/docs/docs/workflows/troubleshooting.md
+++ b/docs/docs/workflows/troubleshooting.md
@@ -177,7 +177,7 @@ Emergency SSH access to nodes can be useful to diagnose issues or download impor
 3. Now you can connect to any Constellation node using your certificate and your private key.
 ```bash
- ssh -o CertificateFile=constellation_cert.pub -i root@
+ ssh -o CertificateFile=constellation_cert.pub -o UserKnownHostsFile=./known_hosts -i root@
 ```
 Normally, you don't have access to the Constellation nodes since they reside in a private network.
@@ -192,6 +192,7 @@ Emergency SSH access to nodes can be useful to diagnose issues or download impor
 IdentityFile
 PreferredAuthentications publickey
 CertificateFile=constellation_cert.pub
+ UserKnownHostsFile=./known_hosts
 User root
 ProxyJump
 ```
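Review bot: The return value of the added `fh.Write("./known_hosts", ...)` call is discarded, so a failed write (permissions, or a pre-existing file if the handler refuses to overwrite) goes unnoticed and the command still reports success. The documented `ssh -o UserKnownHostsFile=./known_hosts` invocation would then run against a missing or stale file, so the user loses the CA-based host verification this change is meant to provide and may instead be prompted to accept an unverified host key. Handle it like the neighbouring calls: `if err := fh.Write("./known_hosts", []byte(knownHostsContent), file.OptMkdirAll); err != nil { return fmt.Errorf("writing known_hosts file: %w", err) }`. Because the entry is `@cert-authority *`, a short comment stating that the file trusts this CA for every host name and is meant only for the explicit `UserKnownHostsFile` use would also help. The body of writeCertificateForKey starts and ends outside the hunk.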