For what it's worth I managed to get the ovirt-engine's public key from engine.cer using Ruby and turn it into a Puppet fact. Had to borrow some code from https://github.com/bensie/sshkey
https://github.com/treydock/puppet-ovirt/blob/1.x/lib/facter/ovirt_engine_ssh_pubkey.rb Thanks for all the help Alon, now have semi-automated deployment of nodes :). Once 3.5 is released and the Foreman integration is in place, it will be much nicer. Thanks, - Trey On Fri, Aug 22, 2014 at 5:30 AM, Alon Bar-Lev <[email protected]> wrote: > > you are hijacking this thread... but anyway... please refer to the original > question, how to easily convert X.509 certificate to SSH public key. the best > method should avoid using the private key. newer ssh-keygen supports exactly > that. > > ----- Original Message ----- >> From: "Sven Kieske" <[email protected]> >> To: "Alon Bar-Lev" <[email protected]> >> Cc: [email protected] >> Sent: Friday, August 22, 2014 1:24:17 PM >> Subject: Re: [ovirt-users] Proper way to change and persist vdsm >> configuration options >> >> well yeah, it does not generate pkcs#8 by default >> but you can easily convert existing keys via openssl: >> >> openssl pkcs8 -topk8 -v2 des3 \ >> -in test_rsa_key.old -passin 'pass:super secret passphrase' \ >> -out test_rsa_key -passout 'pass:super secret passphrase' >> see this page for more details: >> http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html >> >> newer ssh-keygen versions use PBKDF2 by default and not MD5 anymore. >> >> HTH >> >> Am 22.08.2014 10:51, schrieb Alon Bar-Lev: >> > the ssh-keygen does not. >> >> -- >> Mit freundlichen Grüßen / Regards >> >> Sven Kieske >> >> Systemadministrator >> Mittwald CM Service GmbH & Co. KG >> Königsberger Straße 6 >> 32339 Espelkamp >> T: +49-5772-293-100 >> F: +49-5772-293-333 >> https://www.mittwald.de >> Geschäftsführer: Robert Meyer >> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen >> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
