Trying to figure out what a certain authorized_key record is all about

Hello -

I have a RHEV-M server and 2 data centers. Each datacenter has 6 RHEV/RHEL hosts. Full-blown RHEL, not RHEV-H appliances. I am running RHEV 3.2. All clusters and data centers are at the 3.2 compatibility level. All were built with 3.1 and upgraded this week from 3.1 to 3.2.

Looking at /root/.ssh/authorized_keys on my RHEV-M server, I see an entry that looks like this:

ssh-rsa AAAAB3nZa...Lots_of_digits...PIO7j ovirt-engine

I see the same entry in all my RHEL/RHEV hosts.

Wonderful - if I understand this, the authorized_keys file is a list of public keys such that systems sending over the corresponding private keys can log on as root without sending a password.

According to "man sshd", each record/line in this file is a space separated list formatted like this:

Options KeyType Key Comments

The Options field is optional and starts with a number if present. In my case, I don't have any options, it's an ssh-rsa key, it has lots of digits, and the comment is "ovirt-engine".

This site needs to comply with some strict security requirements and I need to find out what this key belongs to. In some of the other records in authorized_keys, the comment field takes the form, root@hostname, so I can reasonably infer where those records come from.

But there is no user account named ovirt-engine on either the hosts or the RHEV-M server here, so the "ovirt-engine" comment gives no clue where that key comes from.

The closest I can find is an ovirt username on the RHEV-M server:

[root@rhevm .ssh]# grep engine /etc/passwd
ovirt:x:108:108:oVirt Manager:/var/lib/ovirt-engine:/sbin/nologin

If I am unable to find out where this key comes from, the site will get rid of it and then I'll have many late nights dealing with a deep dark failure somewhere.

Any ideas how to chase down this key? That key depends on both the user and system, right? So every user on every system would have a unique public/private key pair - right?

thanks

  • Greg Scott
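
An added example, not part of the original post: the comment field is only a free-text label, so an authorized_keys entry is traced by fingerprinting its key data and comparing that with the fingerprint of a public key file found on the system suspected of holding the private key. The sample keys, addresses and the CANDIDATE line below are constructed for illustration.

```python
import base64, hashlib, re, struct

# One field: a run of non-blank text in which double-quoted option values may hold spaces.
FIELD = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def parse_entry(line):
    """Return dict(options, keytype, blob, comment), or None for blank/comment lines."""
    f = FIELD.findall(line.strip())
    if not f or f[0].startswith("#"):
        return None
    options = "" if f[0].startswith(("ssh-", "ecdsa-", "sk-")) else f.pop(0)
    if len(f) < 2:
        raise ValueError("no key type and key data in: %r" % line)
    blob = base64.b64decode(f[1], validate=True)
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + n].decode("ascii", "replace") != f[0]:  # blob repeats its own type
        raise ValueError("key type field does not match key data")
    return {"options": options, "keytype": f[0], "blob": blob, "comment": " ".join(f[2:])}

def fingerprint(blob, algo="sha256"):
    """SHA256:base64 form, or the colon-separated MD5 hex older OpenSSH releases print."""
    if algo == "md5":
        h = hashlib.md5(blob).hexdigest()
        return ":".join(h[i:i + 2] for i in range(0, 32, 2))
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def entries_matching(authorized_keys_text, candidate_pub_line):
    """Entries whose key equals the candidate public key, whatever their comment says."""
    want = fingerprint(parse_entry(candidate_pub_line)["blob"])
    found = [parse_entry(l) for l in authorized_keys_text.splitlines()]
    return [e for e in found if e and fingerprint(e["blob"]) == want]

# Constructed sample data: well-formed blobs, but not real keys.
def _s(b):
    return struct.pack(">I", len(b)) + b
def _pub(mod):
    return base64.b64encode(_s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(mod)).decode()
KEY_A, KEY_B = _pub(b"\x00" + bytes(range(1, 65))), _pub(b"\x00" + bytes(range(65, 129)))
SAMPLE = ("# constructed authorized_keys\n"
          "ssh-rsa %s ovirt-engine\n"
          'from="192.0.2.10",command="echo hi there" ssh-rsa %s root@hostA\n'
          ) % (KEY_A, KEY_B)
CANDIDATE = "ssh-rsa %s some-other-label" % KEY_A  # stands in for a .pub file found elsewhere

if __name__ == "__main__":
    for e in entries_matching(SAMPLE, CANDIDATE):
        print(fingerprint(e["blob"]), fingerprint(e["blob"], "md5"), e["comment"])
```

Running the same comparison against each host's authorized_keys shows whether the identically labelled entries really are one key.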

Responses