[Demi-devel] Format for transferring machine information

John Morrissey jwm at horde.net
Wed Jan 11 19:43:58 UTC 2006


On Thu, Jan 12, 2006 at 01:29:58AM +1000, Andrew Pollock wrote:
> On Wed, Jan 11, 2006 at 10:24:02AM -0500, John Morrissey wrote:
> > On Wed, Jan 11, 2006 at 07:12:57AM +1000, Andrew Pollock wrote:
> > > 3) Use the pipelining feature of the new version of OpenSSH
> > 
> > That feature seems really nifty. sarge shipped with OpenSSH < 4.0, but
> > maybe we could use this as an optimization, if available.
> 
> Given that Demi is only going to ship with etch if we're lucky, it's not
> going to be the end of the world if we rely on this feature, and stipulate
> etch as our first functional release that we work with.

That brings up the subject of SSH host keys. Currently, add-new-machine(1)
allows ssh(1)'s yes/no question to pass through to the user, who must
manually acknowledge the new key.

To what extent should this be automated? If the host key doesn't exist,
should we acknowledge it automatically? This seems bad from the
paranoid-admin perspective, and automatically accepting changed host keys is
even worse.

Seems like we're getting into PySSH (http://pyssh.sourceforge.net/)
territory here, but it doesn't support scp (yet). Should we parse the ssh
output and present a nice interface to the user? What happens if the host is
reinstalled and the host key changes, but a cron job first encounters the
change? Flag the machine with a special status and note that in the web
interface, maybe e-mail notification?

john
-- 
John Morrissey          _o            /\         ----  __o
jwm at horde.net        _-< \_          /  \       ----  <  \,
www.horde.net/    __(_)/_(_)________/    \_______(_) /_(_)__
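
One way to model the host-key decision raised in this message, as an added example that is not code from the post or from Demi: it classifies a presented key against stored known_hosts entries as match, new or changed, and never accepts a key automatically. The function names, the "flag" outcome, the policy in decide() and the sample hosts and key blobs are assumptions constructed for illustration.

```python
import base64
import hashlib

def parse_known_hosts(text):
    """Map (host, keytype) -> key blob for plain (unhashed) known_hosts lines."""
    known = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers and hashed ("|1|...") host entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for host in fields[0].split(","):
            known[(host, fields[1])] = base64.b64decode(fields[2])
    return known

def fingerprint(blob):
    """SHA256 fingerprint in the form current OpenSSH prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def classify(known, host, keytype, blob):
    stored = known.get((host, keytype))
    if stored is None:
        return "new"
    return "match" if stored == blob else "changed"

def decide(status, interactive):
    """Assumed policy: nothing is accepted automatically."""
    if status == "match":
        return "connect"
    if status == "new" and interactive:
        return "prompt"      # show the fingerprint, let the admin answer yes/no
    return "flag"            # changed key, or a new key seen by a cron job

# Constructed sample data: these blobs are placeholders, not real SSH keys.
KEY_A = b"constructed-host-key-A"
KEY_B = b"constructed-host-key-B"
KNOWN_HOSTS = (
    "# constructed known_hosts sample\n"
    "web1.example.org,192.0.2.10 ssh-rsa %s\n" % base64.b64encode(KEY_A).decode()
)

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    for host, blob, cron in [("web1.example.org", KEY_A, True),
                             ("web2.example.org", KEY_A, False),
                             ("web1.example.org", KEY_B, True)]:
        status = classify(known, host, "ssh-rsa", blob)
        print(host, status, decide(status, not cron), fingerprint(blob))
```

A "flag" result is where the special machine status and e-mail notification mentioned above would hook in; the stored key is left untouched until an administrator replaces it.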


