[rancid] Re: Rancid troubleshooting

Wed Jan 2 19:41:04 UTC 2008

This is SSH telling you that the host key is different than the one SSH 
has stored (via prior connections).  SSH tells you what to do to rectify 
the problem in the message that it printed.  If this is a valid host, 
but the SSH key has changed, just remove the particular line from the 
file it mentions (/opt/rancid/home/.ssh/known_hosts) and you're all set. 
  Rancid will automatically ack the 'yes/no' prompt when the new key is 
imported.

If this is a system that is a "failover" configuration, like a PIX/FWSM, 
etc ...where the end-host that answers on a given IP may change if one 
or the other system is active, you can run a cronjob to remove the 
known_hosts file on a periodic basis to avoid these kinds of failures. 
Sure, your SSH keychain validity is decreased, but hopefully you're in 
control of what you're logging into to back-up anyway.

Cheers,
-Chris

Shane Haslem wrote:
> Hi all,
> 
>  
> 
> I am getting the following:
> 
>  
> 
> Any ideas?
> 
>  
> 
>  
> 
>  
> 
> Error: Couldn't login: nics066-ce01-2821
> 
> -sh-3.1$ /opt/rancid/bin/clogin nics082-ce01-2821
> 
> nics082-ce01-2821
> 
> spawn ssh -c 3des -x -l rancidaccess nics082-ce01-2821
> 
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> 
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> 
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> 
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> 
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> 
> It is also possible that the RSA host key has just been changed.
> 
> The fingerprint for the RSA key sent by the remote host is
> 
> ee:a1:54:7e:16:9d:f7:c9:ac:56:af:ad:7f:40:d7:56.
> 
> Please contact your system administrator.
> 
> Add correct host key in /opt/rancid/home/.ssh/known_hosts to get rid of 
> this message.
> 
> Offending key in /opt/rancid/home/.ssh/known_hosts:12
> 
> RSA host key for nics082-ce01-2821 has changed and you have requested 
> strict checking.
> 
> Host key verification failed.
> 
>  
> 
> Error: The host key for nics082-ce01-2821 has changed.  Update the SSH 
> known_hosts file accordingly.
> 
>  
> 
>  
> 
>  
> 
> *Shane Haslem*
> 
> *Eircom NI*
> 
> *Alexandra House*
> 
> *283 Upper Newtownards Road*
> 
> *Belfast*
> 
> *BT4 3JH*
> 
> *Phone: (+44) 02890 002135*
> 
> *Mob: (+44) 07791539378*
> 
>  
> 
>  
> 
> 
> The information contained in this e-mail and any files transmitted with 
> it is confidential and may be subject to legal professional privilege. 
> It is intended solely for the use of the addressee(s). If you are not 
> the intended recipient of this e-mail, please note that any review, 
> dissemination, disclosure, alteration, printing, copying or transmission 
> of this e-mail and/or any file transmitted with it, is prohibited and 
> may be unlawful. If you have received this e-mail by mistake, please 
> promptly inform the sender by reply e-mail and delete the material. 
> Whilst this e-mail message has been swept for the presence of computer 
> viruses, eircom (UK) Limited does not, except as required by law, 
> represent, warrant and/or guarantee that the integrity of this 
> communication has been maintained nor that the communication is free of 
> errors, viruses, interception or interference. eircom (UK) Limited. 
> Private Company Limited by Shares. Registered in England and Wales. 
> Registration Number 03478971. Registered Office - South Quay, Plaza 2, 
> 183 Marsh Wall, London, E14 9SH.
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss