cc_ssh.py: Add configuration for controlling ssh-keygen output#1083
Conversation
|
@dermotbradley , the behavior change looks good, but I'm hesitant to make this default. We have people that scrape the console log for user/connection details, and I wouldn't be surprised if this included key output. Requiring a cloud-config change would still be breaking backwards compatibility, and I don't see a compelling reason this change needs to be default behavior. What do you think about making the default |
This is regarding SSH host key generation, not user key generation. I would be amazed is anyone is scraping the VisualArt output, for the key fingerprints they can be separately (also) displayed via the
I seem to remember seeing someone on IRC recently complaining about the size of the output produced - indeed 17 lines are written for each host key type generated so with the minimum "typical" secure set of ED25519 & RSA only that's 34 lines of output. However I don't mind changing the default to False as I can set it otherwise in my own image creation scripts. |
dermotbradley
force-pushed
the
quiet-ssh-keygen
branch
from
21eea3b to
0129b6e
Compare
When ssh host keys are generated during initial boot the full output of ssh-keygen, including the randomart for the key, is displayed on the console for each of the generated key types, which takes up a large amount of screen output (17 lines per key type). With this change ssh-keygen output is still displayed by default. Setting ssh_quiet_keygen to True will prevent ssh-keygen output from appearing. If only the fingerprints of the host keys should be displayed then this can be achieved using the existing emit_keys_to_console and/or ssh_fp_console_blacklist settings.
dermotbradley
force-pushed
the
quiet-ssh-keygen
branch
from
0129b6e to
77af6d5
Compare
dermotbradley
changed the title
|
@TheRealFalcon The setting's default value has been changed. |
2 participants
Proposed Commit Message
Additional Context
Test Steps
Checklist: