ssh authorized_keys and known_hosts

William Reade william.reade at canonical.com
Wed Oct 19 07:37:29 UTC 2011


On Tue, 2011-10-18 at 11:47 -0400, Scott Moser wrote:
> 
> Since I already have ssh keys on my system that are password protected, and
> already have those loaded into my ssh-agent, I'd hope you can re-use those
> for local-system -> zookeeper.  It would *not* be an improvement to
> generate a new set of passwordless keys and use them.

Noted; thanks for pointing this out. Is this a general objection to
passwordless keys, or would they be a reasonable solution when
pre-existing ones cannot be found?

> > two host keys, install both to a separate, known_hosts.juju file.
> > Install the first key on the system via metadata/cloud-init.  Replace
> > that key as soon as possible with the second key, transmitted over
> > ssh.  Oh, and prune the fingerprints when you're done with them (ie,
> > when you destroy the environment).
> 
> The benefit that JuJu has here is that they have a place where the
> instance can post its keys to.  Your solution works well, but the 2 sets
> of keys are not necessary if the instance itself can post its public keys
> securely.

Sadly, I'm pretty certain that (at the moment) we *can't* post them
securely; I didn't examine the whole chain of interactions :-/. And it
seemed like such a good idea at the time...

Regardless, it's not going to work -- and anything we do in this space
still has to solve the fundamental problem of getting secrets onto EC2
instances securely. Given that, Dustin's two-key solution does strike me
as a good way forward, for when we actually start work on this; does
anyone disagree with this?
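
Client-side bookkeeping for the two-host-key scheme quoted above, as an added example that is not part of the original message or of Juju's code. The function names, the address and the key strings are constructed for illustration, and entries are assumed to be plain, unhashed, single-host `known_hosts` lines.

```python
import os
import tempfile

def _read(path):
    """Return the non-empty lines of the known_hosts file (empty if absent)."""
    if not os.path.exists(path):
        return []
    with open(path) as f:
        return [ln.rstrip("\n") for ln in f if ln.strip()]

def _write(path, lines):
    """Replace the file atomically so ssh never reads a half-written list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write("".join(ln + "\n" for ln in lines))
    os.replace(tmp, path)

def trust(path, host, pubkey):
    """Pin one host key ('<type> <base64>') for host, without duplicates."""
    entry = f"{host} {pubkey}"
    lines = _read(path)
    if entry not in lines:
        _write(path, lines + [entry])

def untrust(path, host, pubkey=None):
    """Drop one key for host, or every key for host when pubkey is None."""
    def keep(ln):
        h, _, key = ln.partition(" ")
        return h != host or (pubkey is not None and key != pubkey)
    _write(path, [ln for ln in _read(path) if keep(ln)])

def ssh_args(path, host):
    """ssh argv that checks host against the dedicated file and never prompts."""
    return ["ssh", "-o", f"UserKnownHostsFile={path}",
            "-o", "StrictHostKeyChecking=yes", host]

def demo(workdir):
    """Walk the life cycle: pin both keys, retire the first, prune on destroy."""
    path = os.path.join(workdir, "known_hosts.juju")
    host = "203.0.113.10"                      # constructed address (TEST-NET-3)
    boot = "ssh-rsa Q09OU1RSVUNURUQtQk9PVA=="  # constructed, not a real key
    perm = "ssh-rsa Q09OU1RSVUNURUQtUEVSTQ=="  # constructed, not a real key
    trust(path, host, boot)     # first key, delivered via metadata/cloud-init
    trust(path, host, perm)     # second key, generated at the same time
    states = [_read(path)]
    untrust(path, host, boot)   # once the second key has replaced it over ssh
    states.append(_read(path))
    untrust(path, host)         # environment destroyed: prune the host entirely
    states.append(_read(path))
    return states
```

With `StrictHostKeyChecking=yes`, a host whose key is missing from `known_hosts.juju` is refused rather than prompted for, so a connection only succeeds against a key that was pinned in advance.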
