#1978 [RFE] Keep Host SSH keys in IPA for the client reinstall use case
Closed: wontfix 5 years ago Opened 12 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=746036

Description of problem:
RFE: Following my IRC discussion with JrAquino_ Allowing IPA to have a
host-object containing the host SSH key object would be very useful when
reinstalling a machine. (Such as a workstation.)

Version-Release number of selected component (if applicable):
IPA 2.1.1


After looking at it more closely, this would be a big new feature. We do not have capacity to do it now, but I will raise a priority for it for the next release and suggest deferring.

We do not want to get in the business of storing private ssh keys.
When a client is reinstalled it should simply upload its new keys to IPA.
The whole point of distributing valid ssh public host keys via IPA is to make it possible to change keys easily after all.

I agree with Simo. This feature is out of scope of the SSH integration effort.

From the discussion posted at RH bugzilla I have the feeling the main concern is about users blindly accepting unknown host keys. We already handle that by generating an IPA known_hosts file on each IPA-managed host.

Moving to next month iteration.

Metadata Update from @dpal:
- Issue assigned to jcholast
- Issue set to the milestone: Ticket Backlog

7 years ago

Thank you for taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago
