From a58b0d03662a3b6fcb356b7f17ea2fd4577f082c Mon Sep 17 00:00:00 2001
From: Michael Prokop <mprokop@sipwise.com>
Date: Wed, 14 Nov 2012 16:54:42 +0000
Subject: [PATCH] deployment: do not use SSH host key of deployment system

Yak shaving...

From: Michael Prokop <mprokop@sipwise.com>
---
 deployment.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/deployment.sh b/deployment.sh
index df1be53..ebea327 100755
--- a/deployment.sh
+++ b/deployment.sh
@@ -1303,7 +1303,12 @@ if "$PRO_EDITION" ; then
     ngcpcfg commit "deployed /etc/ngcp-config/network.yml on $ROLE"
     ngcpcfg push --shared-only
     ssh-keyscan $PEER >> ~/.ssh/known_hosts
-    ssh $PEER "ssh-keyscan $THIS_HOST >> ~/.ssh/known_hosts"
+
+    # live system uses a different SSH host key than the finally installed
+    # system, so do NOT use ssh-keyscan here
+    SSH_KEY="$(awk '{print $1 " " $2}' /etc/ssh/ssh_host_rsa_key.pub)"
+    ssh $PEER "echo $THIS_HOST \$SSH_KEY >> ~/.ssh/known_hosts"
+
     ssh $PEER ngcpcfg pull
     ngcpcfg build
   fi