Common problem. Here is how I'd work around that:

- Collect all the ssh host key files from any one of your nodes.
- Put those SSH host keys into your image, or use a postscript to install
them during the boot process.

From then on, all your nodes will use the same SSH host keys every time you
reboot (and also all will use the same SSH host key compared to each other).

You will still need to clean up the known_hosts files throughout your
system, but you only need to do that once.

Another tip: there is a global known_hosts file you can use in /etc/ssh.
All users of your system will benefit from that file.

_______________________________________________________________________
Kevin Keane | Systems Architect | University of San Diego ITS |
kke...@sandiego.edu





On Sun, Mar 7, 2021 at 2:45 AM Chiu, Peter (STFC,RAL,RALSP) <
peter.c...@stfc.ac.uk> wrote:

> Hello all,
>
> We have recently upgraded the OS to Centos 7 with xcat diskless nodes.
> All are running fine as far as we can tell.
>
> Just one issue is that each time a diskless node reboots,
> psh or ssh command issued to the node will trigger a warning message
> on the ECDSA key change, please see below.  The command does work.
>
> While we can simply remove the offending entry in .ssh/known_hosts,
> or through ssh-keygen -R ip_address to clear this for subsequent
> commands,
> I wonder if there is any way to prevent the incorrect reporting on the
> change of the ECDSA key.  Clearly the host key has not changed in the
> boot image, somehow the caller thinks it has.
>
> Many thanks.
>
> Peter
>
> [root@aberdeen ~]# psh  rsg15  date
> rsg15: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> rsg15: @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> rsg15: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> rsg15: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> rsg15: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> rsg15: It is also possible that a host key has just been changed.
> rsg15: The fingerprint for the ECDSA key sent by the remote host is
> rsg15: SHA256:jAAzf23XY1h+VPl7XYKcw9i68cVnw35ZeYDAG6z4SGw.
> rsg15: Please contact your system administrator.
> rsg15: Add correct host key in /root/.ssh/known_hosts to get rid of this message.
> rsg15: Offending ECDSA key in /root/.ssh/known_hosts:19
> rsg15: Password authentication is disabled to avoid man-in-the-middle attacks.
> rsg15: Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
> rsg15: Sun  7 Mar 10:24:20 GMT 2021
>
> _______________________________________________
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user
>
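An added example, not part of the thread, of the one-time known_hosts clean-up the reply describes: it builds a single line for the global file (`/etc/ssh/ssh_known_hosts` by default) from the shared host public key, and lists the line numbers of stale per-user entries that would still trigger the warning. The function names, node names, temporary file names and key strings are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Key material below is constructed filler.

# known_hosts_line PUBKEY_FILE NODE...
# Prints one line for /etc/ssh/ssh_known_hosts covering every node that
# boots with the shared host key: "node1,node2 keytype base64key".
known_hosts_line() {
    pub=$1; shift
    hosts=$(printf '%s,' "$@"); hosts=${hosts%,}
    # A .pub file is "keytype base64key [comment]"; the comment is dropped.
    awk -v h="$hosts" 'NF >= 2 { print h, $1, $2; exit }' "$pub"
}

# stale_entries KNOWN_HOSTS PUBKEY_FILE NODE...
# Prints the line numbers in KNOWN_HOSTS that name one of the nodes with the
# same key type as the shared key but different key material. These are the
# entries that trigger the warning. Hashed ("|1|...") and "@marker" lines are
# skipped: hashed names cannot be matched here, use ssh-keygen -F for those.
stale_entries() {
    kh=$1; pub=$2; shift 2
    awk -v nodes=",$(printf '%s,' "$@")" '
        NR == FNR { if (NF >= 2) want[$1] = $2; next }
        /^[#@|]/ || NF < 3 { next }
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (index(nodes, "," names[i] ",") && ($2 in want) && want[$2] != $3) {
                    print FNR; next
                }
        }
    ' "$pub" "$kh"
}

# Demo on constructed files.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ecdsa-sha2-nistp256 AAAACONSTRUCTEDSHAREDKEY root@image' > "$d/shared.pub"
    cat > "$d/known_hosts" <<'EOF'
# constructed sample
rsg14 ecdsa-sha2-nistp256 AAAACONSTRUCTEDSHAREDKEY
rsg15,10.0.0.15 ecdsa-sha2-nistp256 AAAACONSTRUCTEDOLDKEY
rsg15 ssh-ed25519 AAAACONSTRUCTEDOTHERTYPE
login1 ecdsa-sha2-nistp256 AAAACONSTRUCTEDUNRELATED
EOF
    known_hosts_line "$d/shared.pub" rsg14 rsg15
    stale_entries "$d/known_hosts" "$d/shared.pub" rsg14 rsg15
    rm -rf "$d"
}
demo
```

Because every node then presents the same host key, the private key files baked into the image need the same protection as any other shared secret, and a changed-key warning after this clean-up should be investigated before the entry is removed.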