[Freeipa-users] ssh known hosts gets recreated on client

Cory Carlton cory at pithoslabs.com
Wed Jun 10 12:55:18 UTC 2015


I feel this is a user ssh file issue, not an sssd issue, when sshing.
The client is seeing that it's a different key exchange with the same IP it once
knew about; the known_hosts file on the client machine (and user) in the
.ssh folder needs to be updated or wiped clean.

If you edit /home/USER/.ssh/known_hosts on the client machine, delete the IP
line.

On Wed, Jun 10, 2015 at 5:33 AM, Bob Hinton <bob at jackland.demon.co.uk>
wrote:

> Hello,
>
> If I uninstall the ipa client with "ipa-client-install --uninstall" then
> reinstall it to the same ipa master then most functions work fine.
> However, if I attempt to ssh from the client to the master then I get:
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> 86:c1:d7:96:8d:a3:b6:54:69:7c:cf:79:55:b3:14:c1.
> Please contact your system administrator.
> Add correct host key in /home/gbob/.ssh/known_hosts to get rid of this
> message.
> Offending key in /var/lib/sss/pubconf/known_hosts:1
> RSA host key for ipa004.jackland.co.uk has changed and you have
> requested strict checking.
> Host key verification failed.
>
> I've tried stopping the sssd service on the client, removing
> /var/lib/sss/pubconf/known_hosts and /var/lib/sss/db/* then restarting
> sssd, but /var/lib/sss/pubconf just gets recreated with the old contents
> and I get the same error (it seems odd that it's reporting that the host
> key of the master has changed when it's the client that has been
> reinstalled). How do I clear out the client's knowledge of the old host
> keys?
>
> In this case I'm using ipa-client v3.0.0 on RHEL6.6
>
> Thanks
>
> Bob
>
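
Added example, not part of either message in this thread: the warning above names /var/lib/sss/pubconf/known_hosts:1 as the offending entry while the reply points at the user's ~/.ssh/known_hosts, so this Python example lists every entry for a host in both files with its MD5 fingerprint (the format the warning prints) and flags those that differ from a fingerprint verified out of band. The key blobs, the 192.0.2.10 address and all function names are constructed for illustration; only plain and hashed host fields are matched, not wildcards or [host]:port forms.

```python
import base64, hashlib, hmac

HOST = "ipa004.jackland.co.uk"  # host name from the warning in the thread
# Constructed key blobs standing in for the old and new RSA host keys.
OLD_KEY = base64.b64encode(b"constructed old host key").decode()
NEW_KEY = base64.b64encode(b"constructed new host key").decode()
SSSD_FILE = f"{HOST} ssh-rsa {OLD_KEY}\n"
USER_FILE = (f"# constructed user file\nother.example.test ssh-rsa {OLD_KEY}\n"
             f"{HOST},192.0.2.10 ssh-rsa {NEW_KEY}\n")

def md5_fingerprint(key_b64):
    """Colon-separated MD5 of the decoded key blob, as shown in the warning."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def host_matches(field, host):
    """Match a comma-separated name list or a hashed |1|salt|hash field."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return host in field.split(",")

def find_entries(text, host, source):
    """Return (source, line_no, key_type, fingerprint) per entry naming host."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # skip @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) >= 3 and host_matches(fields[0], host):
            hits.append((source, n, fields[1], md5_fingerprint(fields[2])))
    return hits

def stale_entries(hits, trusted_fp):
    """Entries whose fingerprint differs from the out-of-band verified one."""
    return [h for h in hits if h[3] != trusted_fp]

if __name__ == "__main__":
    trusted = md5_fingerprint(NEW_KEY)  # stands in for a verified fingerprint
    hits = (find_entries(SSSD_FILE, HOST, "/var/lib/sss/pubconf/known_hosts")
            + find_entries(USER_FILE, HOST, "~/.ssh/known_hosts"))
    for src, n, ktype, fp in stale_entries(hits, trusted):
        print(f"stale {ktype} entry at {src}:{n} ({fp})")
```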
