-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Master public key fingerprint mismatch in EC2 Keypair and "geofront-cli masterkey" command #24
Comments
Okay, I found that authentication failure happens with new EC2 instances from a custom AMI (created before masterkey renewal) only. This means that the key renewal process has gone flawlessly though the displayed fingerprints differ (we need to fix this!). On my side, I need to figure out what actions should be done when using custom AMIs across masterkey renewals. |
After some experiments, I found that giving cloud-config to change default username (specific to my environment) in the instance launch wizard fixes the authentication problem. Then let's figure out why fingerprints look different. |
And here is the reason for different views of the same public key: https://serverfault.com/questions/603982/why-does-my-openssh-key-fingerprint-not-match-the-aws-ec2-console-keypair-finger |
According to my server log, masterkey renewal was done successfully.
However, I cannot access new instances created with the master public key stored in EC2 KeyPair after renewal.
The interesting thing is that the fingerprint value in AWS Console's KeyPair list and the result of
geofront-cli masterkey
is not same while I can still access existing instances created before the key renewal.Even more interestingly, the manually re-imported keypair in the AWS console from the output of
geofront-cli masterkey -v
shows the same fingerprint that was shown in the AWS console before.I hope this is a just configuration miss in my side, but just reporting upfront.
The text was updated successfully, but these errors were encountered: