Verifying SSH host keys on new Linodes
When I SSH into a Linode for the first time, the client naturally wants me to verify the host key's fingerprint. I know that most people blindly say "yes" here, but this seems unnecessarily dangerous. Instead, I habitually LISH into each new Linode and run ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -l to get the proper fingerprint. This works, but it's tedious, as you might imagine.
What I'd like is some (mostly) automated process that makes me a new Linode and drops its corresponding public host key into my ~/.ssh/known_hosts, and I want it to be no less vulnerable to MITM than the process I use now. (ssh-keyscan need not apply.)
Has anyone come up with a solution? I've thought about generating the keypairs locally and sending the private keys to new Linodes via StackScript variables, but I don't know how easy that would be. (SSH private keys are multi-line, 1-4 KB text strings. Can StackScript variables handle those?)
Thanks,
Daniel Gnoutcheff
Systems Administrator
Software Freedom Law Center
2 Replies
I found a very helpful guide on exactly what you are trying to accomplish. It does appear that you were on the right track when you mentioned a StackScript solution. I hope this guide helps!
I came accross this with the same problem but didn't want to use StackScript.
I've been able to automate the key access step through Lish by using the Lish SSH gateway instead of copying the values from web Lish.
The connection between Lish and the linodes is trusted, so the public keys obtained through the Lish gateway can be trusted as the linode's authentic public keys.
We can authenticate the Lish gateway because there's a list of Lish gateway public keys published by Linode.
You could also just use the Lish SSH gateway for accessing linodes and avoid having to verify their authenticity in the first place.
Hope this helps.