<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">The /home/USER/.ssh/known_hosts file
doesn't exist. It's /var/lib/sss/pubconf/known_hosts that's the
problem.<br>
<br>
If the offending line is deleted from this file or this file is
deleted completely then it's automatically replaced and the same
error occurs.<br>
<br>
On 10/06/2015 13:55, Cory Carlton wrote:<br>
</div>
<blockquote
cite="mid:CAC3PCAJBc77e42+p7BLxLeGQxXYCfdEnAXY45+hxSfja4yy+fQ@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div dir="ltr">
<div>I feel this is a user ssh file issue, not an sssd one, when
sshing. </div>
The client is seeing it's a different key exchange with the same
IP it once knew about; the known_hosts file on the client
machine (and user) in the .ssh folder needs to be updated or
wiped clean.
<div><br>
</div>
<div>If you edit on the client machine
/home/USER/.ssh/known_hosts, delete the IP line.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Jun 10, 2015 at 5:33 AM, Bob
Hinton <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:bob@jackland.demon.co.uk" target="_blank">bob@jackland.demon.co.uk</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
If I uninstall the ipa client with "ipa-client-install
--uninstall" then<br>
reinstall it to the same ipa master then most functions work
fine.<br>
However, if I attempt to ssh from the client to the master
then I get.<br>
<br>
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<br>
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @<br>
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<br>
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!<br>
Someone could be eavesdropping on you right now
(man-in-the-middle attack)!<br>
It is also possible that the RSA host key has just been
changed.<br>
The fingerprint for the RSA key sent by the remote host is<br>
86:c1:d7:96:8d:a3:b6:54:69:7c:cf:79:55:b3:14:c1.<br>
Please contact your system administrator.<br>
Add correct host key in /home/gbob/.ssh/known_hosts to get
rid of this<br>
message.<br>
Offending key in /var/lib/sss/pubconf/known_hosts:1<br>
RSA host key for <a moz-do-not-send="true"
href="http://ipa004.jackland.co.uk" target="_blank">ipa004.jackland.co.uk</a>
has changed and you have<br>
requested strict checking.<br>
Host key verification failed.<br>
<br>
I've tried stopping the sssd service on the client, removing<br>
/var/lib/sss/pubconf/known_hosts and /var/lib/sss/db/* then
restarting<br>
sssd, but /var/lib/sss/pubconf just gets recreated with the
old contents<br>
and I get the same error (it seems odd that it's reporting
that the host<br>
key of the master has changed when it's the client that has
been<br>
reinstalled). How do I clear-out the client's knowledge of
the old host<br>
keys?<br>
<br>
In this case I'm using ipa-client v3.0.0 on RHEL6.6<br>
<br>
Thanks<br>
<span class="HOEnZb"><font color="#888888"><br>
Bob<br>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing
list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a moz-do-not-send="true"
href="http://freeipa.org" target="_blank">http://freeipa.org</a>
for more info on the project<br>
</font></span></blockquote>
</div>
<br>
</div>
</blockquote>
<br>
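<div>Added example, not part of the original thread and not SSSD or FreeIPA code: a Python check that lists the entries naming a host in a known_hosts-format file (such as the /var/lib/sss/pubconf/known_hosts file discussed above) and compares each entry's legacy MD5 fingerprint with the one in the ssh warning. The host names and key blobs are constructed, and the function names are hypothetical.</div>

```python
import base64
import hashlib
import hmac

def md5_fingerprint(key_b64):
    """Legacy OpenSSH fingerprint: MD5 of the decoded key blob as colon-separated hex."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def host_matches(field, host):
    """Match a known_hosts host field: comma-separated names or a |1|salt|hash entry."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")  # wildcard patterns are not handled here

def check_entries(text, host, presented_fp):
    """Return (line_no, key_type, fingerprint, status) for each plain entry naming host."""
    wanted = presented_fp.lower()
    results = []
    for line_no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if parts[0].startswith("@"):
            continue  # @cert-authority / @revoked lines are not plain host keys
        if len(parts) >= 3 and host_matches(parts[0], host):
            fp = md5_fingerprint(parts[2])
            status = "match" if fp == wanted else "differs"
            results.append((line_no, parts[1], fp, status))
    return results

def blob(label):
    """Constructed stand-in for a public key blob; not a real key."""
    return base64.b64encode(label).decode()

OLD, NEW = blob(b"constructed-old-key"), blob(b"constructed-new-key")
SAMPLE = "\n".join([
    "# constructed sample in known_hosts format",
    f"ipa.example.test,192.0.2.10 ssh-rsa {OLD}",
    f"other.example.test ssh-rsa {NEW}",
])

if __name__ == "__main__":
    # The server now presents NEW; the cached entry for the host still holds OLD.
    for row in check_entries(SAMPLE, "ipa.example.test", md5_fingerprint(NEW)):
        print(row)
```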
</body>
</html>