From e298721c697e3cd76e8d6af08c01a380a8940b31 Mon Sep 17 00:00:00 2001 From: Martin Goik <goik@hdm-stuttgart.de> Date: Mon, 27 May 2024 12:01:29 +0200 Subject: [PATCH] Generating ssh known hosts --- Doc/Sdi/CloudProvider/gettingStarted.xml | 73 +++++++++++++++++++----- 1 file changed, 58 insertions(+), 15 deletions(-) diff --git a/Doc/Sdi/CloudProvider/gettingStarted.xml b/Doc/Sdi/CloudProvider/gettingStarted.xml index 09d280f9..0b17ba0a 100644 --- a/Doc/Sdi/CloudProvider/gettingStarted.xml +++ b/Doc/Sdi/CloudProvider/gettingStarted.xml @@ -852,21 +852,6 @@ runcmd: created $(date -u)" >> /var/www/html/index.html</programlisting> </figure> - <figure xml:id="sdi_cloudProvider_cloudInit_kownHostsDuplicateProblem"> - <title>Duplicate known_hosts entry on re-creating server</title> - - <para>Problem of repeated <command - linkend="glo_Terraform">terraform</command> - <option>apply</option>:</para> - - <screen>$ ssh root@128.140.108.60 -@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ -@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! -Someone could be eavesdropping on you right now (<emphasis role="red">man-in-the-middle attack</emphasis>)!</screen> - </figure> - <figure xml:id="sdi_cloudProvider_cloudInit_watchOutForBadGuys"> <title>Watch out for your enemies!</title> 
@@ -1109,6 +1094,64 @@ Status for the jail: sshd </qandaentry> </qandadiv> </qandaset> + + <figure xml:id="sdi_cloudProvider_cloudInit_kownHostsDuplicateProblem"> + <title>Problem: Duplicate <filename>known_hosts</filename> entry on + re-creating server</title> + + <para>Problem of repeated <command + linkend="glo_Terraform">terraform</command> + <option>apply</option>:</para> + + <screen>$ ssh root@128.140.108.60 +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! +Someone could be eavesdropping on you right now (<emphasis role="red">man-in-the-middle attack</emphasis>)!</screen> + </figure> + + <figure xml:id="sdi_cloudProvider_cloudInit_generateKnownHosts"> + <title>Solution: Generating <filename>known_hosts</filename> ...</title> + + <programlisting language="tf">resource "local_file" "known_hosts" { + content = "${hcloud_server.helloServer.ipv4_address} ... + ... ${tls_private_key.host.public_key_openssh}" + filename = "gen/known_hosts" + file_permission = "644" +}</programlisting> + </figure> + + <figure xml:id="sdi_cloudProvider_cloudInit_generateSshWrapper"> + <title>... 
and <command>ssh</command> wrapper</title> + + <informaltable border="1"> + <tr> + <th><filename>main.tf</filename></th> + + <th><filename><emphasis + role="red">tpl/ssh.sh</emphasis></filename></th> + </tr> + + <tr> + <td valign="top"><programlisting language="tf">resource "local_file" "ssh_script" { + content = templatefile("<emphasis role="red">tpl/ssh.sh</emphasis>", { + <emphasis role="green">ip</emphasis>=hcloud_server.hello.ipv4_address + }) + filename = "<emphasis role="blue">bin/ssh</emphasis>" + file_permission = "700" + depends_on = [local_file.known_hosts] +}</programlisting></td> + + <td valign="top"><programlisting language="bash">#!/usr/bin/env bash + +GEN_DIR=$(dirname "$0")/../gen + +ssh -o UserKnownHostsFile= \ + "$GEN_DIR/known_hosts" devops@<emphasis role="green">${ip}</emphasis> "$@"</programlisting></td> + </tr> + </informaltable> + </figure> </section> <section xml:id="sdi_cloudProvider_volume"> -- GitLab
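Review bot: In the `tpl/ssh.sh` listing, `-o UserKnownHostsFile=` is terminated by the line continuation, so the option gets an empty value and `"$GEN_DIR/known_hosts"` is parsed as the destination host with `devops@${ip}` becoming the remote command; the generated file is never consulted and the figure's stated fix does not take effect. The wrapper should pass the path as the option value and pin the check so an unexpected key is refused rather than prompted for, e.g. `ssh -o UserKnownHostsFile="$GEN_DIR/known_hosts" -o StrictHostKeyChecking=yes devops@${ip} "$@"`. The two Terraform listings also disagree on the server resource name: `known_hosts` reads `hcloud_server.helloServer.ipv4_address` while `ssh_script` reads `hcloud_server.hello.ipv4_address`, so one of them would fail to resolve unless both resources exist. It may be worth a sentence under the `generateKnownHosts` figure noting that `tls_private_key.host` means the host's private key is held in Terraform state, so that state needs the same protection as the key itself (inferred from the resource reference; the key definition is outside this hunk). The enclosing `<section>` element starts before the hunk.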