Launchpad itself

Need ssh host key accepted on code import machines

Asked by Max Bowsher on 2010-07-09

Hello LOSAs,

Please run

ssh <email address hidden> blah

as the code import user on each of the code import slave machines, and accept the ssh host key, so that ssh-based cvs code imports from that host can succeed.

Question information

Language:
English Edit question
Status:
Answered
For:
Launchpad itself Edit question
Assignee:
[LEGACY] Canonical WebOps Edit question
Last query:
2011-04-08
Last reply:
2016-05-19

This question was reopened

Robert Collins (lifeless) said : #1

Max, could you please file a bug for this too - not about this
specific case, but the class of problem : sysadmin intervention needed
to approve a host for a users import.

Thorsten Glaser (mirabilos) said : #2

You can run the following command:

ssh -o 'StrictHostKeyChecking no' -l _anoncvs anoncvs.mirbsd.org

With this, you will get the message and ten second delay of anoncvssh (the
chroot-me-and-only-allow-cvs-and-rsync login shell), but the SSH host key
will be automatically added.

It’s also possible to create a ~/.ssh/config with this option on the import
servers, or to create a small shell script like this:

#!/bin/sh
exec /usr/bin/ssh -o 'StrictHostKeyChecking no' "$@"

Store that as nshkcssh and export CVS_RSH=/path/to/nshkcssh so that
cvs will automatically pick that up.

This way you’ll avoid needing to contact the admins every time something
like this happens. (Host key migrations may still need work, though…)

Max Bowsher (maxb) said : #3

Um whoops. This got done ages ago, but I forgot about lifeless' request for a bug to be filed. Now done:

https://bugs.launchpad.net/launchpad/+bug/726834

Marking question solved.

Max Bowsher (maxb) said : #4

It looks like this question ended up in the Answered state erroneously without the host key actually being accepted.

Reopening it for LOSA action.

Stefan Stasik (stefan-stasik) said : #6

Hello, sorry for the delay on this, I have run the ssh command on the 4 importd servers now, you should be all set.

Regards, Stefan

Max Bowsher (maxb) said : #7

Thanks Stefan Stasik, that solved my question.

Thorsten Glaser (mirabilos) said : #8

Thanks everyone, mksh got imported successfully, and I’ve triggered deb.
Can anyone please kick https://code.launchpad.net/~miros-dev/mirbsd/printf
which has been suspended?

I’ll try my luck at making a packaging recipe afterwards. Thanks for the great idea!

Max Bowsher (maxb) said : #9

Sorry Thorsten, that import is broken for other reasons.

Thorsten Glaser (mirabilos) said : #10

Hi again,

due to machines moving and all, I had to change the SSH host key for the anoncvs service, and I decided to generate a fresh new longer key. Can you please drop the old key and add the new key?

The new key can also be found at https://www.mirbsd.org/MirOS/hostkeys.asc (PGP signed), use the second one (“fish.mirbsd.org host key”).

Thanks in advance!

Colin Watson (cjwatson) said : #11

Reopening this ticket so that it pops back into the webops queue. The procedure as outlined in the description of this ticket should still work.

Nick Moffitt (nick-moffitt) said : #12

I have updated the mirbsd host keys on the importds. This should un-stick things again.

Can you help with this problem?

Provide an answer of your own, or ask Max Bowsher for more information if necessary.

To post a message you must log in.