Commit 32fa438d authored Apr 11, 2018 by Gabriel Mazetto
Improved host key replication documentation
parent 4720da84
Showing 1 changed file with 31 additions and 11 deletions
doc/administration/geo/replication/configuration.md
...
@@ -103,29 +103,49 @@ keys must be manually replicated to the secondary node.
...
@@ -103,29 +103,49 @@ keys must be manually replicated to the secondary node.
find /etc/ssh -iname ssh_host_* -exec cp {} {}.backup.`date +%F` \;
find /etc/ssh -iname ssh_host_* -exec cp {} {}.backup.`date +%F` \;
```
```
1.
SSH into the
**primary**
node, and execute the command below
:
1.
Copy OpenSSH host keys from
**primary**
:
```bash
```bash
sudo find /etc/ssh -iname ssh_host_* -not -iname '*.pub'
# Run this from the secondary node, change `primary-node-fqdn` for the IP or FQDN of the server
scp root@primary-node-fqdn:/etc/ssh/ssh_host_*_key* /etc/ssh
```
```
1.
For each file in that list replace the file from the primary node to
the
**same**
location on your
**secondary**
node.
1.
On your
**secondary**
node, ensure the file permissions are correct:
1.
On your
**secondary**
node, ensure the file permissions are correct:
```bash
```bash
chown root:root /etc/ssh/ssh_host_*
chown root:root /etc/ssh/ssh_host_*
_key*
chmod 0600 /etc/ssh/ssh_host_*
chmod 0600 /etc/ssh/ssh_host_*
_key*
```
```
1.
To verify key fingerprint matches, execute the following command on both nodes:
1.
Regenerate the public keys from the private keys:
```bash
```bash
find /etc/ssh -iname ssh_host_* -not -iname '*.backup*' -exec sh -c 'ssh-keygen -y -f "{}" > "{}.pub"' \;
for file in /etc/ssh/ssh_host_*_key; do ssh-keygen -lf $file; done
```
You should get an output similar to this one and they should be identical on both nodes:
```bash
1024 SHA256:FEZX2jQa2bcsd/fn/uxBzxhKdx4Imc4raXrHwsbtP0M root@serverhostname (DSA)
256 SHA256:uw98R35Uf+fYEQ/UnJD9Br4NXUFPv7JAUln5uHlgSeY root@serverhostname (ECDSA)
256 SHA256:sqOUWcraZQKd89y/QQv/iynPTOGQxcOTIXU/LsoPmnM root@serverhostname (ED25519)
2048 SHA256:qwa+rgir2Oy86QI+PZi/QVR+MSmrdrpsuH7YyKknC+s root@serverhostname (RSA)
```
```
1.
Restart sshd:
1.
Verify that you have the correct public keys for the existing private keys:
```bash
# This will print the fingerprint for private keys:
for file in /etc/ssh/ssh_host_*_key; do ssh-keygen -lf $file; done
# This will print the fingerprint for public keys:
for file in /etc/ssh/ssh_host_
*
_key.pub; do ssh-keygen -lf $file; done
```
NOTE: **Note**:
The output for private keys and public keys command should generate the same fingerprint.
1. Restart sshd on your **secondary** node:
```
bash
```
bash
# Debian or Ubuntu installations
# Debian or Ubuntu installations
...
...
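Review bot: The new copy step, `scp root@primary-node-fqdn:/etc/ssh/ssh_host_*_key* /etc/ssh`, only works if root can log in over SSH on the primary and the command runs as root on the secondary, and the text states neither. Please add a sentence for installations where root login is disabled, and say that the commands on the secondary must run as root because they write to `/etc/ssh`. The `ssh_host_*_key*` glob is also broader than the step describes: it matches the `.pub` files and any `.backup.<date>` copies made by the `find ... cp` step above, so `chown`/`chmod 0600` touch the backups and the public keys as well, and `scp` will pull any similarly named backup files that exist on the primary. If that is intended, say so; otherwise narrow the glob. In the fingerprint loops, quote the variable: `ssh-keygen -lf "$file"`. The sample fingerprint output is fenced as `bash` although it is program output, so a plain fence would be more accurate.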