From 68d7196d472b5195c19e871e960996e89a7bcb9c Mon Sep 17 00:00:00 2001
From: Oliver Walsh <owalsh@redhat.com>
Date: Fri, 24 Mar 2017 14:35:09 +0000
Subject: SSH known_hosts config

Fetch the host public keys from each node, combine them all and write to the
system-wide ssh known hosts. The alternative of disabling host key
 verification is vulnerable to a MITM attack.

Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
(cherry picked from commit 7d3552a105ad5aa62cad0998c11df5ec6bd06ed6)
---
 releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml

(limited to 'releasenotes')

diff --git a/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml b/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml
new file mode 100644
index 00000000..8b533b1a
--- /dev/null
+++ b/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - SSH host key exchange. The ssh host keys are collected from each host,
+    combined, and written to /etc/ssh/ssh_known_hosts.
-- 
cgit 1.2.3-korg