Page MenuHomeVyOS Platform

SSH fingerprints isnt migrated during add system image
Open, Requires assessmentPublicBUG


When upgrading a VyOS installation by using "add system image" there is a part that migrates current configuration and SSH keys like so:

Installing "1.4-rolling-202308060317" image.
Copying new release files...
Would you like to save the current configuration 
directory and config file? (Yes/No) [Yes]: 
Copying current configuration...
Would you like to save the SSH host keys from your 
current configuration? (Yes/No) [Yes]: 
Copying SSH keys...
Running post-install script...
Setting up grub configuration...

However already learned and verified fingerprints of SSH hosts are not migrated which means that after an upgrade using "add system image" and reboot you must verifiy and approve SSH fingerprints again:

The authenticity of host '<REMOVED> (<REMOVED>)' can't be established.
<REMOVED> key fingerprint is <REMOVED>.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '<REMOVED>' (<REMOVED>) to the list of known hosts.
<REMOVED>@<REMOVED>'s password:


Difficulty level
Unknown (require assessment)
VyOS 1.4-rolling-202308060317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Improvement (missing useful functionality)

Event Timeline

So what needs to be done is to copy that block and make a separate question regarding:

Would you like to save the SSH known hosts (fingerprints)
from your current configuration? (Yes/No) [Yes]:

And if "Yes" then copy both /root/.ssh/known_hosts and /home/<username>/.ssh/known_hosts to the new persistence directory of each user.

Would also be nice to include the global known_hosts file in /etc/ssh/ssh_known_hosts.