juju-deployer fills up ~/.ssh/known_hosts
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| juju-core |
New
|
Undecided
|
Unassigned | ||
Bug Description
Every time we deploy something with juju-deployer, we get new entries in ~/.ssh/known_hosts. This is fine, until we try and re-deploy something that happens to be given the same IP address as an earlier (now dead) nova instance. When that happens, the deployment fails and we get:
---
@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
<redacted fingerprint>.
Please contact your system administrator.
Add correct host key in /home/stg-
Offending ECDSA key in /home/stg-
remove with: ssh-keygen -f "/home/
Keyboard-
---
Either juju-deployer shouldn't add to ~/.ssh/known_hosts, or juju destroy-* commands should take care of clearing out those entries in known_hosts.
| Kapil Thangavelu (hazmat) wrote | #1 |
| Stuart Bishop (stub) wrote | #3 |
| Thomi Richards (thomir-deactivatedaccount) wrote | #4 |
that's rather odd. deployer doesn't ever use ssh. juju bootstrap does, but else juju doesn't unless your explicitly using juju scp/ssh commands, which sounds more like things outside of deployer config/bundle syntax.