Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enabler] [AC] REMOTE HOST IDENTIFICATION HAS CHANGED error #1843

Open
1 task done
ddimatos opened this issue Dec 16, 2024 · 0 comments
Open
1 task done

[Enabler] [AC] REMOTE HOST IDENTIFICATION HAS CHANGED error #1843

ddimatos opened this issue Dec 16, 2024 · 0 comments
Assignees
@IBMAnsibleHelper
Labels
Enabler Enabler task
Milestone
[Q1] [2025] Enablers

Comments

@ddimatos
Copy link
Collaborator

ddimatos commented Dec 16, 2024
edited
Loading

Is there an existing issue for this?

  • There are no existing issues.

Enabler description

Occasionally we encounter these, while I understand the issue, I am not sure how we encounter them but given how our automation is behind a firewall on secure servers , its probably best we have the tool automatically react to this and correct it without user intervention.

The output has been sanitized with ec12345a.sanitized.host.ibm.com

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:JE+Fv4b8YJgBx/PQ0+I0/pEnGkiUommL0RPRXI3B7KI.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:47
Host key for ec12345a.sanitized.host.ibm.com has changed and you have requested strict checking.
Host key verification failed.

I see two options, the AC tool read and grep the responses and then to forcibly correct it with either:

ssh-keygen -R [IP_ADDRESS]

or where 47d is the offending key line number reported Offending ECDSA key in /root/.ssh/known_hosts:47

sed -i -e 47d /root/.ssh/known_hosts

Ansible module

No response
@ddimatos ddimatos added the Enabler Enabler task label Dec 16, 2024
@ddimatos ddimatos added the Needs Triage Issue need assessment by a team member(s) label Dec 16, 2024
@ddimatos ddimatos added this to the [Backlog] Enablers milestone Dec 16, 2024
@richp405 richp405 removed the Needs Triage Issue need assessment by a team member(s) label Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@IBMAnsibleHelper IBMAnsibleHelper

Labels
Enabler Enabler task
Projects
IBM Ansible z/OS Core Collection
Status: 📗In plan
Milestone
[Q1] [2025] Enablers
Development

No branches or pull requests
4 participants
@fernandofloresg @ddimatos @richp405 @IBMAnsibleHelper