Thanks for summarizing this well. It's worth noting that Peter Volpe is moving the libssh code that consumes SSH keys ... and I believe he has working code for using /etc/ssh/known_hosts.
On 07.02.2017 15:17, Martin Pitt wrote:
> Hello all,
>
> We currently have a planned feature to clean up/improve our config format for
> known (remote) machines:
>
>   https://trello.com/c/WSEOANNY/268-finalize-machines-json-format
>
> This is a bit thin and not easy to understand/rationalize. So I took this plus
> what I remembered from last week's discussion plus some thoughts what would
> make sense and wrote a draft for what we want to achieve and how it should
> look like:
>
>   https://github.com/cockpit-project/cockpit/wiki/Config-format-for-known-machines-and-ssh-keys
>
> I'd appreciate some feedback about whether this makes sense, and opinions
> about the per-user → global SSH host key transfer [1].

The intent has been that once the dashboard is set up by a single user on the system, it becomes usable by all users on the system. Hence the global storage of SSH keys was driven by that.

However, we should have always used /etc/ssh/known_hosts. I believe /var/lib was an implementation detail from before we had "{ superuser: true }" [0] style privilege escalation.

Not an opinion per se ... but I just wanted to make sure the decision reflects the end user experience goal.

Cheers,

Stef

[0]
_______________________________________________ cockpit-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
