Cisco Firewall Failover

Shlomo Dubrowin shlomo at dubrowin.org
Wed Feb 7 14:40:57 UTC 2007

When Cisco PIXs failover, they swap IP Addresses.  This is great, the
machines they are protecting continue to function properly.  However,
when Rancid tries to SSH to them afterwards, the ssh key stored in the
known_hosts file is now incorrect and Rancid fails to back them up.

Does anyone have a good solution on how to deal with this problem
besides changing permissions on the known_hosts file so the keys don't
get stored in the first place?  This solution seems less secure since
it's susceptible to a man-in-the-middle attack.

Thank you.
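As an added illustration of the failure mode described above (this is not code from the original post, from RANCID, or from Cisco), the following Python model reproduces the decision OpenSSH's known_hosts lookup makes for an unhashed entry: the presented key is accepted when any entry for that host matches, reported as changed when entries of the same key type exist but none match, and treated as new when the host is absent. The shared address `192.0.2.10`, the key type and the key blobs are constructed placeholders, not real keys. The model omits hashed hostnames, wildcards, ports and `@cert-authority`/`@revoked` markers. It shows why a file holding only the primary unit's key breaks after a failover, and that recording both units' keys under the shared address (collected ahead of time from each unit's own address, for example with `ssh-keyscan`, before the pair is put in service) keeps host-key verification enabled rather than disabling it.

```python
"""Model of the OpenSSH known_hosts host-key decision for a failover pair.

Added example; not from the original post or from the RANCID project.
Hostnames, addresses and key blobs are constructed placeholders.
"""
from enum import Enum


class HostStatus(Enum):
    NEW = "new"          # no entry for this host at all
    FOUND = "found"      # some entry for this host matches the presented key
    CHANGED = "changed"  # entries of this key type exist, but none matches


def parse_known_hosts(text):
    """Parse unhashed known_hosts lines into (hostnames, keytype, keyblob).

    Comments, blank lines, malformed lines and @marker lines are skipped;
    hashed (|1|...) hostnames are not handled by this model.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        hosts = set(parts[0].split(","))
        entries.append((hosts, parts[1], parts[2]))
    return entries


def check_host_key(entries, host, keytype, keyblob):
    """Mirror the lookup OpenSSH performs for a plain host entry.

    Returns FOUND as soon as any entry for the host carries the same key,
    CHANGED when entries of the same key type exist but none matches,
    and NEW when there is no entry of that type for the host.
    """
    status = HostStatus.NEW
    for hosts, ktype, kblob in entries:
        if host not in hosts or ktype != keytype:
            continue
        status = HostStatus.CHANGED
        if kblob == keyblob:
            return HostStatus.FOUND
    return status


def add_host_key(text, host, keytype, keyblob):
    """Append a known_hosts line for an additional trusted key of the same host."""
    if text and not text.endswith("\n"):
        text += "\n"
    return text + f"{host} {keytype} {keyblob}\n"


# Constructed scenario: one shared (active) address, two physical units.
VIP = "192.0.2.10"
KEYTYPE = "ssh-ed25519"
PRIMARY_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIPRIMARYUNITPLACEHOLDERKEY000000000"
SECONDARY_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAISECONDARYUNITPLACEHOLDERKEY0000000"

# known_hosts as left behind by the first successful login to the primary unit
KNOWN_HOSTS_ONE_KEY = f"# constructed sample\n{VIP} {KEYTYPE} {PRIMARY_KEY}\n"

# the same file after the secondary unit's key has been recorded as well
KNOWN_HOSTS_BOTH_KEYS = add_host_key(KNOWN_HOSTS_ONE_KEY, VIP, KEYTYPE, SECONDARY_KEY)


def after_failover(known_hosts_text):
    """Result of connecting to the shared address once the secondary unit is active."""
    return check_host_key(parse_known_hosts(known_hosts_text), VIP, KEYTYPE, SECONDARY_KEY)


if __name__ == "__main__":
    print("one key recorded :", after_failover(KNOWN_HOSTS_ONE_KEY).value)    # changed
    print("both keys recorded:", after_failover(KNOWN_HOSTS_BOTH_KEYS).value)  # found
```

The point of keeping both entries is that verification still fails for any third key, so an attacker who later takes over the address is still detected; only the two units whose keys were deliberately recorded are accepted.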