* Re: [pve-devel] [PATCH docs 1/2] ssh: make pitfalls a regular section instead of block
[not found] <574369b4-4ba1-4e47-a451-3291c53a1daf@proxmox.com>
@ 2024-01-12 13:12 ` Fiona Ebner
0 siblings, 0 replies; 2+ messages in thread
From: Fiona Ebner @ 2024-01-12 13:12 UTC (permalink / raw)
To: Proxmox VE development discussion
On 12.01.24 at 13:40, Esi Y wrote:
>> @@ -918,9 +918,9 @@ transfer memory and disk contents.
>>
>> * Storage replication
>>
>> -.Pitfalls due to automatic execution of `.bashrc` and siblings
>> -[IMPORTANT]
>> -====
>> +Pitfalls due to automatic execution of `.bashrc` and siblings
>> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> +
>> In case you have a custom `.bashrc`, or similar files that get executed on
>
> Would it be too radical to suggest that PVE as an appliance could afford to overwrite .bashrc upon every boot for the root account and document that instead? The other alternative is to use a different user for PVE tasks, but why have/allow custom .bashrc on a root to begin with?
>
>
Yes, that is too radical and unexpected. Users will not be happy if
their .bashrc is automatically overwritten. It's perfectly legitimate to
log in as root for an admin and use bash, so forcing something upon
people there is not nice.
(Sorry, CC for the mailing list got lost, so re-sending)
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pve-devel] [PATCH cluster/manager/storage/docs 0/9] fix #4886: improve SSH handling
@ 2024-01-11 10:51 Fabian Grünbichler
2024-01-11 10:51 ` [pve-devel] [PATCH docs 1/2] ssh: make pitfalls a regular section instead of block Fabian Grünbichler
0 siblings, 1 reply; 2+ messages in thread
From: Fabian Grünbichler @ 2024-01-11 10:51 UTC (permalink / raw)
To: pve-devel
this series replaces the old mechanism that used a cluster-wide merged known
hosts file with distribution of each node's host key via pmxcfs, and pinning
the distributed key explicitly for internal SSH connections.
the main changes in pve-cluster somewhat break the old manager and
storage versions, but only when such a partial upgrade is mixed with a
host key rotation of some sort.
pve-storage uses a newly introduced helper, so needs a versioned
dependency accordingly.
the last pve-docs patch has a placeholder for the actual version shipping the
changes which needs to be replaced when applying.
there's still some potential for follow-ups:
- 'pvecm ssh' wrapper to debug and/or re-use the host key pinning (and other
future changes)
- also add non-RSA host keys
- key (and thus authorized keys) and/or sshd disentangling (this
potentially also affects external access, so might be done on a major
release to give more heads up)
cluster:
Fabian Grünbichler (4):
fix #4886: write node SSH hostkey to pmxcfs
fix #4886: SSH: pin node's host key if available
ssh: expose SSH options on their own
pvecm: stop merging SSH known hosts by default
src/PVE/CLI/pvecm.pm | 10 ++++++++--
src/PVE/Cluster/Setup.pm | 24 +++++++++++++++++++++---
src/PVE/SSHInfo.pm | 31 +++++++++++++++++++++++++++----
3 files changed, 56 insertions(+), 9 deletions(-)
docs:
Fabian Grünbichler (2):
ssh: make pitfalls a regular section instead of block
ssh: document PVE-specific setup
pvecm.adoc | 26 +++++++++++++++++++++-----
1 file changed, 21 insertions(+), 5 deletions(-)
manager:
Fabian Grünbichler (2):
vnc: use SSH command helper
pvesh: use SSH command helper
PVE/API2/Nodes.pm | 3 ++-
PVE/CLI/pvesh.pm | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
storage:
Fabian Grünbichler (1):
upload: use SSH helper to get ssh/scp options
src/PVE/API2/Storage/Status.pm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
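The per-node host key pinning described in the cover letter above, sketched as an added example; this is not code from the series or from Proxmox VE. `PIN_DIR`, the `<node>.known_hosts` file naming and both function names are hypothetical; the `ssh` options are standard OpenSSH client options.

```bash
# Added example: emit ssh options that trust exactly one pinned host key
# for a node, instead of a cluster-wide merged known_hosts file.
# PIN_DIR and the "<node>.known_hosts" naming are assumptions.
PIN_DIR="${PIN_DIR:-/tmp/pinned-hostkeys}"

# Succeeds only if $2 holds exactly one key line and its host field is
# literally $1 (no wildcard, hashed or @marker entries accepted).
pin_file_valid() {
    local node="$1" file="$2" lines
    [ -r "$file" ] || return 1
    # count lines that are neither comments nor blank
    lines=$(grep -cvE '^[[:space:]]*(#|$)' "$file") || return 1
    [ "$lines" -eq 1 ] || return 1
    # field 1 = host pattern, field 2 = key type, field 3 = base64 key
    awk -v n="$node" '
        !/^[[:space:]]*(#|$)/ { ok = ($1 == n && NF >= 3) }
        END { exit !ok }' "$file"
}

# Prints one option word per line. Returns 2 for node names that could
# escape PIN_DIR or confuse option parsing.
pinned_ssh_opts() {
    local node="$1" file
    case "$node" in
        ''|*[!A-Za-z0-9-]*) return 2 ;;
    esac
    file="$PIN_DIR/$node.known_hosts"
    # Look the key up under the node name, not the address being dialed,
    # and never accept an unknown key interactively.
    printf '%s\n' -o "HostKeyAlias=$node" -o StrictHostKeyChecking=yes
    if pin_file_valid "$node" "$file"; then
        # Pin: this file is the only source of trusted host keys.
        printf '%s\n' -o "UserKnownHostsFile=$file" \
                      -o GlobalKnownHostsFile=/dev/null
    fi
    # No valid pin: only the alias and strict checking are emitted, so the
    # default known_hosts files still apply (the "if available" case).
}

# Usage (address is a documentation placeholder):
#   ssh $(pinned_ssh_opts node1) root@192.0.2.10 true
```

With the pin in place, a key that is present in some other known_hosts file but differs from the pinned one is rejected for that node.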
* [pve-devel] [PATCH docs 1/2] ssh: make pitfalls a regular section instead of block
2024-01-11 10:51 [pve-devel] [PATCH cluster/manager/storage/docs 0/9] fix #4886: improve SSH handling Fabian Grünbichler
@ 2024-01-11 10:51 ` Fabian Grünbichler
0 siblings, 0 replies; 2+ messages in thread
From: Fabian Grünbichler @ 2024-01-11 10:51 UTC (permalink / raw)
To: pve-devel
because we'll add another one before it, and formatting is off otherwise.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
pvecm.adoc | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/pvecm.adoc b/pvecm.adoc
index 1f78585..5b5b27b 100644
--- a/pvecm.adoc
+++ b/pvecm.adoc
@@ -918,9 +918,9 @@ transfer memory and disk contents.
* Storage replication
-.Pitfalls due to automatic execution of `.bashrc` and siblings
-[IMPORTANT]
-====
+Pitfalls due to automatic execution of `.bashrc` and siblings
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
In case you have a custom `.bashrc`, or similar files that get executed on
login by the configured shell, `ssh` will automatically run it once the session
is established successfully. This can cause some unexpected behavior, as those
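Review bot: the new title line "+Pitfalls due to automatic execution of `.bashrc` and siblings" has no explicit anchor line above it, so cross-references would depend on an auto-generated id; if the follow-up patch or other chapters are meant to link to this section, add an anchor here. Dropping "[IMPORTANT]" also removes the admonition rendering from text that warns about ssh running `.bashrc`, and the commit message only mentions formatting, so it would help to state there that the loss of emphasis is intended.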
@@ -940,8 +940,6 @@ case $- in
*) return;;
esac
----
-====
-
Corosync External Vote Support
------------------------------
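Review bot: with the closing "====" and the blank line after it removed, only the remaining blank context separates the listing's closing "----" from the "Corosync External Vote Support" title and its "------" underline; please confirm with a docs build that the title still renders as a section and that the underline is not picked up as a block delimiter. This removal is only correct together with the opening "====" dropped in the first hunk, so the two should not be split if the patch is reworked.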
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread