[Freeipa-users] ssh known hosts gets recreated on client

Bob Hinton bob at jackland.demon.co.uk
Wed Jun 10 13:11:06 UTC 2015


The /home/USER/.ssh/known_hosts file doesn't exist. It's
/var/lib/sss/pubconf/known_hosts that's the problem.

If the offending line is deleted from this file or this file is deleted
completely then it's automatically replaced and the same error occurs.

On 10/06/2015 13:55, Cory Carlton wrote:
> I feel this is a User ssh file issue not a sssd when sshing.
> The client is seeing it's a different key exchange with the same IP it
> once knew about, the known_hosts file on the client machine (and user)
> in the .ssh folder needs to be updated or wiped clean.
>
> If you edit on the client machine /home/USER/.ssh/known_hosts delete
> the IP line.
>
> On Wed, Jun 10, 2015 at 5:33 AM, Bob Hinton <bob at jackland.demon.co.uk> wrote:
>
>     Hello,
>
>     If I uninstall the ipa client with "ipa-client-install --uninstall" then
>     reinstall it to the same ipa master then most functions work fine.
>     However, if I attempt to ssh from the client to the master then I get.
>
>     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>     @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
>     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>     IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>     Someone could be eavesdropping on you right now (man-in-the-middle attack)!
>     It is also possible that the RSA host key has just been changed.
>     The fingerprint for the RSA key sent by the remote host is
>     86:c1:d7:96:8d:a3:b6:54:69:7c:cf:79:55:b3:14:c1.
>     Please contact your system administrator.
>     Add correct host key in /home/gbob/.ssh/known_hosts to get rid of this message.
>     Offending key in /var/lib/sss/pubconf/known_hosts:1
>     RSA host key for ipa004.jackland.co.uk has changed and you have requested strict checking.
>     Host key verification failed.
>
>     I've tried stopping the sssd service on the client, removing
>     /var/lib/sss/pubconf/known_hosts and /var/lib/sss/db/* then restarting
>     sssd, but /var/lib/sss/pubconf just gets recreated with the old contents
>     and I get the same error (it seems odd that it's reporting that the host
>     key of the master has changed when it's the client that has been
>     reinstalled). How do I clear-out the client's knowledge of the old host
>     keys?
>
>     In this case I'm using ipa-client v3.0.0 on RHEL6.6
>
>     Thanks
>
>     Bob
>
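
Added example, not part of the original thread: a shell check that reads the entry stored for a host in a known_hosts file such as /var/lib/sss/pubconf/known_hosts, compares it with a public-key file copied from the server, and prints the stored key's fingerprint in the format the warning uses. The helper names (kh_key_for, md5_fp, compare_host_key), the sample files, the placeholder key blobs, the address 192.0.2.10 and the host client1.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Hashed (|1|...) entries are not handled.

# Print the base64 key blob stored for host $1, key type $2, in known_hosts file $3.
# Skips comments, blank lines and @cert-authority / @revoked marker lines.
kh_key_for() {
    awk -v host="$1" -v type="$2" '
        /^[ \t]*(#|$)/ || /^@/ { next }
        $2 == type {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == host) { print $3; exit }
        }' "$3"
}

# Colon-separated MD5 fingerprint of a base64 key blob: the format the
# warning quoted in this thread prints for the key the remote host sent.
md5_fp() {
    printf '%s' "$1" | base64 -d | md5sum | cut -c1-32 | sed 's/../&:/g; s/:$//'
}

# Print match, mismatch or missing for host $1, type $2:
# known_hosts file $3 against public-key file $4 copied from the server.
compare_host_key() {
    stored=$(kh_key_for "$1" "$2" "$3")
    actual=$(awk -v type="$2" '$1 == type { print $2; exit }' "$4")
    if [ -z "$stored" ] || [ -z "$actual" ]; then echo missing
    elif [ "$stored" = "$actual" ]; then echo match
    else echo mismatch
    fi
}

# Constructed sample data: placeholder blobs, not real keys.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/known_hosts" <<'EOF'
# constructed stand-in for /var/lib/sss/pubconf/known_hosts
ipa004.jackland.co.uk,192.0.2.10 ssh-rsa b2xkLWtleQ==
client1.example.test ssh-rsa bmV3LWtleQ==
EOF
echo 'ssh-rsa bmV3LWtleQ== root@constructed' > "$SAMPLE/ssh_host_rsa_key.pub"

compare_host_key ipa004.jackland.co.uk ssh-rsa "$SAMPLE/known_hosts" "$SAMPLE/ssh_host_rsa_key.pub"
md5_fp "$(kh_key_for ipa004.jackland.co.uk ssh-rsa "$SAMPLE/known_hosts")"
```

If the fingerprint printed for the stored entry differs from the one in the warning while the server's own key file matches the warning, the stored entry is the stale side.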
