ssh root@$faiserver_host dd of=/srv/fai/config/package_config/DESKTOP 2>/dev/null ||: # broken pipe
-rsync -r --delete /a/bin/fai-basefiles/basefiles root@$faiserver_host:/srv/fai/config
+rsync -rplt --delete /a/bin/fai-basefiles/basefiles root@$faiserver_host:/srv/fai/config
ssh root@$faiserver_host bash <<'EOF'
set -eE -o pipefail
set -x
changed=false
f=/srv/fai/nfsroot/root/.ssh/known_hosts
+install -d -m 700 /srv/fai/nfsroot/root/.ssh
# the known hosts entries that fai already sets up are like
# IP,HOSTNAME key_info...
# we are skipping the ip, because it doesn't block ssh
# with a prompt as long as you have the user supplied hostname,
# and i don't want to deal with getting it, it's not adding
# any important security in this case.
-if ! grep -xFq "$line" $f; then
+if ! grep -xFq "$line" $f &>/dev/null; then
changed=true
printf "%s\n" "$line" >>$f
fi