When I update the latest rolling, it asks if I want to save the SSH keys to the new install. However, when it boots to the new image, I have nothing in my.ssh directory, Therefore, I have to recreate and share the keys again every time. Is this the intended behavior? I assume not, as it asks to copy; perhaps a bug? It is kind of annoying to have to regen then every time for my config backups to work.
Thanks for any clarification and/or fix you can offer,
The thing is that normally just the /config is copied onto the new persistent directory and I think the /home dirs aswell.
But the server part of ssh which is placed in /etc might not be copied (I think).
So when you talk about ssh keys… do you mean those found in your /home directory (to be used to verify a ssh server you choose to connect to from VyOS) or do you mean those found in /etc used to identify the VyOS box when you connect to it from a different host?
Despite being prompted to save SSH keys during the update process, he finds that the keys are not retained in the new installation. This inconvenience means he has to recreate and share the keys each time, impacting the functionality of his configuration backups.
This doesn’t seem to be the intended behavior and could potentially be a bug in the update process. It’s understandable why Keith finds this situation annoying, as it disrupts his workflow and adds unnecessary effort to his system maintenance tasks.
Offering clarification and a fix for this issue would likely require input from the VyOS community or support team, as they would have a better understanding of the system’s mechanics and any potential bugs or glitches. Hopefully, Keith will receive the assistance he needs to resolve this problem and streamline his update process in the future.
I appreciate it, Betty. Yes, my non-root user has keys stored in the home directory .ssh to be able to backup configurations, and with the current implementation, it does not backup or restore those keys after a rolling upgrade.
I believe only the /config directory persists between upgrades.
Suggest before you upgrade that you copy the config/ssh files of your additional user(s) there, perform the upgrade and then move files back once you’ve added the user.
This should at least save you the hassle of needing to re-gen keys.
A workaround would be to place your keys in /config/backupssh or such, make sure to give proper permissions to that directory and the files.
Then in /config/scripts/vyos-postconfig-bootup.script you add commands to create a symlink from your current home directory to the physical files found in /config/backupssh.
This way next time you upgrade the keys will follow to the updated version and the vyos-postconfig-bootup.script will make sure the ssh keys will get symlinked from your home directory.
But please file this as a bug over at https://vyos.dev so a more solid solution can be made for this (I think this have been talked about previously but perhaps only on the forum).
Would someone mind submitting the bug on my behalf. I understand the temporary remediation, yet I’m unsure if I could effectively relay the bug and resolution so that it’s fully understood.
It’s been a forever problem. I’ve been running rolling releases for the past six months, and it’s always had the same behavior with regard to SSH keys when upgrading.
question is if we want to keep those keys in config or just pick them up from /config/ssh-client
known hosts probably should be stored in /config/ssh-client directory permanently
I am not sure the best manner in which to handle it. A bug was submitted, and I’m hoping something can be worked out to keep the configuration backups working between new versions.
I would primarily prefer if they are picked up from the home-directory since thats where they end up if you from the VyOS-box choose to SSH to another box and the SSH-client (at VyOS-box) ask you if you wish to store the fingerprint or not.
The installupdate script could probably ask three questions then:
Copy already existing SSH-server private and public keys (/etc/ssh/)?
Copy already existing SSH-client private and public keys (/home/xxx/)?
Copy known_hosts from home-directories (/home/xxx/)?
For future updates it would be probably nice to be able to define known_hosts through the VyOS-config (this way the known_hosts could be created on first boot aswell and not only during updates).