Skip to content

Don't advertise federation host with empty SSH fingerprint#3183

Open
larsewi wants to merge 1 commit into
cfengine:masterfrom
larsewi:fr-guard-empty-ssh-fingerprint
Open

Don't advertise federation host with empty SSH fingerprint#3183
larsewi wants to merge 1 commit into
cfengine:masterfrom
larsewi:fr-guard-empty-ssh-fingerprint

Conversation

@larsewi

@larsewi larsewi commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

When ssh-keyscan localhost returns nothing (e.g. sshd not yet reachable), the feeder still wrote its setup status with an empty transport_ssh_server_fingerprint. Superhubs then rendered an empty known_hosts entry and the rsync pull failed with "Host key verification failed". Gate the status write on a non-empty fingerprint and retry on later runs.

If ssh-keyscan returns no host key, the setup status was still written
with an empty transport_ssh_server_fingerprint. Superhubs then rendered
an empty known_hosts entry for the host and the rsync pull later failed
with "Host key verification failed". Gate the status update on a
non-empty fingerprint and retry on subsequent runs.

Changelog: Don't advertise federation host with empty SSH fingerprint
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
@larsewi larsewi added the cherry-pick? Fixes which may need to be cherry-picked to LTS branches label Jun 29, 2026
@larsewi

larsewi commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

@cf-bottom Jenkins please :)

@cf-bottom

Copy link
Copy Markdown

@larsewi

larsewi commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

@cf-bottom Jenkins please :)

@cf-bottom

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cherry-pick? Fixes which may need to be cherry-picked to LTS branches

Development

Successfully merging this pull request may close these issues.

2 participants