Hey All, I'm getting a host key verification failure when I try to juju ssh to one of my units.
username@os-nuc-01:~/.ssh$ juju ssh postgresql/14 -v OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to <ip address> [<ip address>] port 22. debug1: Connection established. debug1: identity file /home/username/.local/share/juju/ssh/juju_id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/username/.local/share/juju/ssh/juju_id_rsa-cert type -1 debug1: identity file /home/username/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/username/.ssh/id_rsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000 debug1: Authenticating to <ip address>:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: [email protected] debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:th86nMHQbr0RyuXXnsrBbeOs2JkchFl6gXVBY7p6S2k @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:th86nMHQbr0RyuXXnsrBbeOs2JkchFl6gXVBY7p6S2k. Please contact your system administrator. Add correct host key in /tmp/ssh_known_hosts736182584 to get rid of this message. Offending RSA key in /tmp/ssh_known_hosts736182584:7 remove with: ssh-keygen -f "/tmp/ssh_known_hosts736182584" -R <ip address> ECDSA host key for <ip address> has changed and you have requested strict checking. Host key verification failed. If I just do: ssh ubuntu@<unit ip address> it connects just fine. So my question is, where is Juju getting the original for /tmp/ssh_known_hosts736182584:7 I've tried searching a bunch on my juju-controller machine, but I haven't been able to find anything that looks like the problematic known_hosts file... All the other machines/units are juju ssh-able, and I have no idea why this one would be different [other than the drive filled up from postgresql, and I had to clear some WAL files before things got running again]. Any insight or help would be appreciated! Derek DeMoss Dark Horse Comics, Inc. System Administrator I "Truth... Is where you seek it."-Lomar
-- Juju mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
