http://www.packetfence.org/support/faqs/article/is-there-a-way-to-avoid-host-key-verification-on-every-ssh-based-network-devices.html
Le 2015-02-12 11:33, Arthur Emerson a écrit : > We just had to RMA one of our Meru controllers, and spent a week running > on the N+1 spare. > > If anyone else is running in an N+1 config or swapping controllers > running with SSH de-auth (because the SNMP function apparently still > has not been officially implemented in PF), be aware of this gotcha. > The SSH key is different on the N+1 controller, but the IP address is > the same when it comes online in a failover scenario. When the stored > host key changes, SSH refuses to make the connection with the new > system until you whack the entry from /usr/local/pf/.ssh/known_hosts > (and ~/.ssh/known_hosts for user root). Likewise, when you replace a > Meru controller due to an RMA, the replacement box has a different SSH > key and you have to do this all over again. In either scenario, your > SSH de-auth stops working. > > Just giving everyone a heads-up, especially if you have an N+1 controller > and expect the failover to be 100% transparent... > > -Arthur > > ------------------------------------------------------------------------- > Arthur Emerson III Email: [email protected] > Network Administrator InterNIC: AE81 > Mount Saint Mary College MaBell: (845) 561-0800 Ext. 3109 > 330 Powell Ave. Fax: (845) 562-6762 > Newburgh, NY 12550 SneakerNet: Aquinas Hall Room 11 > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming. The Go Parallel Website, > sponsored by Intel and developed in partnership with Slashdot Media, is your > hub for all things parallel software development, from weekly thought > leadership blogs to news, videos, case studies, tutorials and more. Take a > look and join the conversation now. http://goparallel.sourceforge.net/ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
