SCP errors when connecting to device through NCM
search cancel

SCP errors when connecting to device through NCM

book

Article ID: 260330

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction

Schedule backup is not running which is configured through NCM. So we took one device and checked using ssh for which below error is showing:


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:xxxxxxxxFxAdJxxxxSjV9W+xxxxxxx.
Please contact your system administrator.
Add correct host key in /home/toolsadmin/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/toolsadmin/.ssh/known_hosts:65
RSA host key for 10.105.110.14 has changed and you have requested strict checking.
Host key verification failed.

So we informed the concern team about this error for which they replied:

You are getting these errors due to old SSH certificates that are stored in Cache of your Spectrum servers. When these devices are replaced, then the SSH certificate also changes, and when Spectrum finds a different certificate than that is cached in its local memory, it throws this error. Please remove the old ssh certificates from cache of Spectrum servers to resolve this issue.

So, Kindy guide us what we should do to solve this issue.

 

 

Environment

Release :21.2.x / 22.2.x

Cause

SSH SCP Key for Known_Hosts is either too older or no longer valid

Resolution

The error message tells you everything that you need to do.   The SSH key that is in the known_hosts file has expired.

The known_hosts file location is

 

/home/toolsadmin/.ssh/known_hosts:65

 

The 65 is the line number where the invalid key is being stored.  (Make a backup of known_hosts file before removing line 65 if you like).

 

Once line 65 has been removed, establish an SSH session to the device that the ‘wrong’ key was associated with.  

You will see a message asking if you’d like to save the key for this device

Answer yes to the prompt; then that key will be saved in the known_hosts file for that device.

 

Powered by Wolken Software