Hello there, I'm using Debian Bullseye and FAI 5.10.3 und for some reason my installed systems do have an ECDSA host key (/etc/ssh/ssh_host_ecdsa_key.pub).
Doing a 'fai softupdate' (task_savelog) I run into the problem: "The authenticity of host 'fai-server (192.168.178.11)' can't be established. ECDSA key fingerprint is SHA256:xxxxxxyyyyyyzzzzzz. Are you sure you want to continue connecting (yes/no/[fingerprint])?" Obviously the fingerprint is missing in my setup ( I use to fcopy the known_hosts to my clients ) and for that reason I just take my servers /var/log/fai/remote-logs/.ssh/known_hosts and copy it to /srv/fai/config/files/root/.ssh/known_hosts/CLIENT on my server. This file is created by /usr/sbin/fai-setup and I found that the rsa- key and the ed25519-key are recognised and handled well (except some obfuscation), but the ecdsa-key still is missing. Of course I could modify the file by my own, but since fai-setup does the job anyway it is conveniant for me to just take it. My question is: Is this the intended behaviour for fai-setup and I am on a wrong way with ecdsa or with copying known_hosts or is ecdsa simply forgotten in fai-setup and should be added? Thanks a lot Christian
