If this is the case, what i have done on my ovirt nodes that are part of an
IPA domain is to simply remove the following entries from the ssh_config:
GlobalKnownHostsFile
VerifyHostKeyDNS
ProxyCommand
I have created a small ansible bootstrap playbook for ovirt nodes which is
part of it.
- name: Configure ssh_config (comment out)
lineinfile:
dest: /etc/ssh/ssh_config
backrefs: yes
regexp: "^({{ item }}) (.*)"
line: '# \1 \2'
loop:
- GlobalKnownHostsFile
- VerifyHostKeyDNS
- ProxyCommand
On Mon, Apr 4, 2022 at 5:42 PM Sketch wrote:
> It sounds like your machine is part of an IPA domain and getting the host
> key from IPA if it's in /var/lib/sss/pubconf, in which case it will keep
> re-adding the host key to that file every time you attempt to connect to
> it. You need to either remove the old host keys from IPA (via webui or
> ipa commands) so they don't get re-added to the pubconf file, or remove
> the entire host from IPA and then re-join it to the IPA domain so that IPA
> has the correct keys.
>
> On Sun, 3 Apr 2022, jeroen@telenet.be wrote:
>
> > I have a backup file from our ovirt hosted engine. When I try to run
> "hosted-engine --deploy --restore-from-file=backup.bck" on the same machine
> with a fresh install of ovirt node 4.3 I get this error after some minutes:
> >
> >
> > [ ERROR ] fatal: [localhost -> ovirt.*mydomain.com*]: FAILED! =>
> {"changed": false, "elapsed": 185, "msg": "timed out waiting for ping
> module test success: Failed to connect to the host via ssh:
> @@@\r\n@
> WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
> @\r\n@@@\r\nIT
> IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be
> eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also
> possible that a host key has just been changed.\r\nThe fingerprint for the
> ECDSA key sent by the remote host
> is\nSHA256:aer7BMZyKHhfzMXX4pzVULHN7OwSSNDrCuOyvdmG8sQ.\r\nPlease contact
> your system administrator.\r\nAdd correct host key in /dev/null to get rid
> of this message.\r\nOffending ED25519 key in
> /var/lib/sss/pubconf/known_hosts:6\r\nPassword authentication is disabled
> to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication
> is disabled t
> o
> > avoid man-in-the-middle attacks.\r\nPermission denied
> (publickey,gssapi-keyex,gssapi-with-mic,password)."}
> >
> > I can't find anything in the docs about this problem. I already removed
> all the entries in /var/lib/sss/pubconf/known_hosts on my ovirt host
> machine. But that didn't change anything. Is their something wrong with the
> backup. At the moment I have 2 other hosts running my VM's but no ovirt
> manager.
> >
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/CQYPBO5TDLUKSVS7WW3T6OXMGGOJVHFW/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/CS5SMQH7SCHPFJ2DHCD53GVBZC3F5ICH/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/I5AZ56Z6LCFQQNDNYSEHMY3WZXL5DFYQ/