[Freeipa-users] ssh known hosts gets recreated on client

Bob Hinton bob at jackland.demon.co.uk
Wed Jun 10 10:33:02 UTC 2015


Hello,

If I uninstall the ipa client with "ipa-client-install --uninstall" then
reinstall it to the same ipa master then most functions work fine.
However, if I attempt to ssh from the client to the master then I get:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
86:c1:d7:96:8d:a3:b6:54:69:7c:cf:79:55:b3:14:c1.
Please contact your system administrator.
Add correct host key in /home/gbob/.ssh/known_hosts to get rid of this
message.
Offending key in /var/lib/sss/pubconf/known_hosts:1
RSA host key for ipa004.jackland.co.uk has changed and you have
requested strict checking.
Host key verification failed.

I've tried stopping the sssd service on the client, removing
/var/lib/sss/pubconf/known_hosts and /var/lib/sss/db/* then restarting
sssd, but /var/lib/sss/pubconf just gets recreated with the old contents
and I get the same error (it seems odd that it's reporting that the host
key of the master has changed when it's the client that has been
reinstalled). How do I clear out the client's knowledge of the old host
keys?

In this case I'm using ipa-client v3.0.0 on RHEL6.6.

Thanks

Bob



