Page MenuHomeVyOS Platform
Create Task
Maniphest T5455

SSH fingerprints isnt migrated during add system image
Open, NormalPublicBUG
Actions

Description

When upgrading a VyOS installation by using "add system image" there is a part that migrates current configuration and SSH keys like so:

Installing "1.4-rolling-202308060317" image.
Copying new release files...
Would you like to save the current configuration 
directory and config file? (Yes/No) [Yes]: 
Copying current configuration...
Would you like to save the SSH host keys from your 
current configuration? (Yes/No) [Yes]: 
Copying SSH keys...
Running post-install script...
Setting up grub configuration...
Done.

However already learned and verified fingerprints of SSH hosts are not migrated which means that after an upgrade using "add system image" and reboot you must verifiy and approve SSH fingerprints again:

The authenticity of host '<REMOVED> (<REMOVED>)' can't be established.
<REMOVED> key fingerprint is <REMOVED>.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '<REMOVED>' (<REMOVED>) to the list of known hosts.
<REMOVED>@<REMOVED>'s password:

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.4-rolling-202308060317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Improvement (missing useful functionality)

Related Objects
Search...

Event Timeline

Apachez created this task.Aug 10 2023, 7:15 AM
pasik added a subscriber: pasik.Aug 10 2023, 8:27 AM
Viacheslav added a subscriber: Viacheslav.Sep 5 2023, 2:12 PM

It only saves the SSH keys https://github.com/vyos/vyatta-cfg-system/blob/c2d9dea2524297404fb27028c1f41124dc47c24f/scripts/install/install-image-existing#L223-L231

Apachez added a comment.Sep 6 2023, 3:25 PM

So what needs to be done is to copy that block and make a separate question regarding:

Would you like to save the SSH known hosts (fingerprints)
from your current configuration? (Yes/No) [Yes]:

And if "Yes" then copy both /root/.ssh/known_hosts and /home/<username>/.ssh/known_hosts to the new persistence directory of each user.

yun added a subscriber: yun.Sep 14 2023, 10:57 AM

Would also be nice to include the global known_hosts file in /etc/ssh/ssh_known_hosts.

gmurphy42 mentioned this in T5652: Config migrate to image upgrade does not properly generate home directory.Oct 12 2023, 5:56 PM
I-n-d-y added a subscriber: I-n-d-y.Oct 14 2023, 4:51 PM
Viacheslav triaged this task as Normal priority.Jan 20 2024, 1:01 PM
Viacheslav added a parent task: T6279: The root task for copying SSH keys and files from the home directory to use between updates.Mon, Apr 29, 6:24 AM