Trying to figure out what a certain authorized_key record is all about

Hello -

I have a RHEV-M server and 2 data centers. Each datacenter has 6 RHEV/RHEL hosts. Full-blown RHEL, not RHEV-H appliances. I am running RHEV 3.2. All clusters and data centers are at the 3.2 compatability level. All were built with 3.1 and upgraded this week from 3.1 to 3.2.

Looking at /root/.ssh/authorized_keys on my RHEV-M server, I see an entry that looks like this:

ssh-rsa AAAAB3nZa...Lots_of_digits...PIO7j ovirt-engine

I see the same entry in all my RHEL/RHEV hosts.

Wonderful - if I understand this, the authorized_keys file is a list of public keys such that systems sending over the corresponding private keys can log on as root without sending a password.

According to "man sshd", each record/line in this file is a space separated list formatted like this:

Options KeyType Key Comments

The Options field is optional and starts with a number if present. In my case, I don't have any options, it's an ssh-rsa key, it has lots of digits, and the comment is "ovirt-engine".

This site needs to comply with some strict security requirements and I need to find out what this key belongs to. In some of the other records in authorized_keys, the comment field takes the form, root@hostname, so I can reasonably infer where those records come from.

But there is no user account named ovirt-engine on either the hosts or the RHEV-M server here, so the "ovirt-engine" comment gives no clue where that key comes from.

The closest I can find is an ovirt username on the RHEV-M server:
[root@rhevm .ssh]# grep engine /etc/passwd
ovirt:x:108:108:oVirt Manager:/var/lib/ovirt-engine:/sbin/nologin

If I am unable to find out where this key comes from, the site will get rid of it and then I'll many late nights dealing with a deep dark failure somewhere.

Any ideas how to chase down this key? That key depends on both the user and system, right? So every user on every system would have a unique public/private key pair - right?

thanks

• Greg Scott