SSH "Remote Host Identification Has Changed!" error in VCF Operations for Networks
Article ID: 391434
Updated On:
Products
VCF Operations for Networks
Issue/Introduction
On SSH login to one or more Platform nodes in a clustered deployment of VCF Operations for Networks as the support user, you see the following messages:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!Someone could be eavesdropping on you right now (man-in-the-middle attack)!It is also possible that a host key has just been changed.
Environment
VCF Operations for Networks 6.14.x
Cause
The Host key has been replaced by the remote host with a different ECDSA key.
The SSH ECDSA host key fingerprints on Platform 1 no longer match the keys presented by other nodes, often occurring after node replacements, certificate rotations, or upgrades.
Resolution
Follow the instructions below to resolve the issue:
- Login to Platform node 1 as the support user.
- Enter ub to switch to the Ubuntu user.
- Run the following command:
sudo /home/ubuntu/run_all.sh "sudo rm -f /home/ubuntu/.ssh/known_hosts /root/.ssh/known_hosts /home/support/.ssh/known_hosts"
- The above command needs to be entered only on Platform node 1
- After the command completes, SSH to each Platform node in the deployment as the support user and the expected result is that the warning message dialogue shown does not appear.
Feedback
Yes
No
Powered by
