There're offending keys for IP with both root and nova user
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Nova Compute Charm | Triaged | Medium | Unassigned | |
Bug Description
If a host is redeployed, the host IP may be changed. We're currently using %s in the live_migration_uri, which means the hostname. That will lead to offending keys existing.
This happens on both root user (/root/
e.g.:
nova@vcd41026:~$ ssh nova@vcd41028
@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@
The RSA host key for vcd41028 has changed,
and the key for the corresponding IP address 10.246.65.107
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /var/lib/
remove with:
ssh-keygen -f "/var/lib/
@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:
Please contact your system administrator.
Add correct host key in /var/lib/
Offending RSA key in /var/lib/
remove with:
ssh-keygen -f "/var/lib/
RSA host key for vcd41028 has changed and you have requested strict checking.
Host key verification failed.
Changed in charm-nova-compute:
importance: Undecided → Medium
status: New → Triaged
Managed to work around this by removing the offending host keys manually, then running the clear-unit-knownhost-cache action in nova-cloud-controller.
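An added example, not part of the bug report or the charm's code: a Python check that lists which known_hosts lines for a redeployed host's name and IP hold a key different from the host's current one, including hashed (HashKnownHosts) entries, so only those lines are removed. The key blobs, the address 10.246.65.105 and the file contents are constructed, and the current key is assumed to have been obtained from the host over a trusted channel.

```python
import base64, hashlib, hmac

def host_mac(salt, name):
    # OpenSSH HashKnownHosts: HMAC-SHA1 keyed with the salt, over the host name
    return hmac.new(salt, name.encode(), hashlib.sha1).digest()

def entry_matches(host_field, name):
    """True if a known_hosts host field (plain or hashed) names `name` (no wildcards)."""
    for pat in host_field.split(","):
        if pat.startswith("|1|"):                     # |1|<salt b64>|<hmac b64>
            _, _, salt, mac = pat.split("|")
            if hmac.compare_digest(host_mac(base64.b64decode(salt), name), base64.b64decode(mac)):
                return True
        elif pat == name:
            return True
    return False

def stale_entries(known_hosts_text, names, current_keys):
    """List (line_no, name, key_type) where the stored key differs from current_keys.

    names: hostname and IP of the redeployed host.
    current_keys: {key_type: base64 blob}, verified out of band (assumption).
    """
    stale = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue                                  # blank, comment, or @marker line
        hosts, ktype, blob = fields[:3]
        for name in names:
            if entry_matches(hosts, name) and current_keys.get(ktype, blob) != blob:
                stale.append((n, name, ktype))
    return stale

# Constructed sample: host names are the ones in the report, key blobs are placeholders.
SALT = b"constructed-salt"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(),
                       base64.b64encode(host_mac(SALT, "vcd41028")).decode())
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "vcd41028 ssh-rsa OLDKEYPLACEHOLDER",
    "10.246.65.107 ssh-rsa NEWKEYPLACEHOLDER",
    HASHED + " ssh-rsa OLDKEYPLACEHOLDER",
    "vcd41026,10.246.65.105 ssh-rsa OTHERKEYPLACEHOLDER",
])

if __name__ == "__main__":
    for hit in stale_entries(SAMPLE, ["vcd41028", "10.246.65.107"], {"ssh-rsa": "NEWKEYPLACEHOLDER"}):
        print("stale entry: line %d matches %s (%s)" % hit)
```

Each reported line number can then be removed from the affected user's known_hosts file, for the root and nova users alike.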