Submitted by andreychek on Wed, 09/02/2009 - 08:45
It the SSH host key changes (such as when a server is rebuilt), Cloudmin is no longer able to establish a connection with the server.
Cloudmin itself just returns "Unknown Error" -- but in digging deeper, the issue seems to be a matter of needing to delete the entry from /root/.ssh/known_hosts, as seen here when I manually re-created the issue:
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
43:da:cd:5c:65:9f:30:9d:34:df:7e:1b:df:10:3a:31.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:7
Would it be possible to print the above error in cases where SSH isn't connecting?
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Wed, 09/02/2009 - 17:12 Comment #1
I will add detection for this problem in the next Cloudmin release - if SSH fails for this reason, it will be shown on the Edit System page.
Submitted by sgrayban on Wed, 09/09/2009 - 09:45 Comment #2
I hate it when this happens as well and often does when ssh is upgraded. CM should ask if you want to accept the new host key or at the very least echo the error you would see in console.
Submitted by JamieCameron on Wed, 09/09/2009 - 12:17 Comment #3
I'd love to handle this better, but unfortunately Cloudmin calls SSH with the -q flag to suppress junk output when running commands remotely ... and the -q flag also hides the error about a key mismatch.
The only reliable solution would be to always remove the host key from /root/.ssh/known_hosts before connecting, but that seems rather aggressive..
Submitted by sgrayban on Wed, 09/09/2009 - 15:13 Comment #4
removing the host might be the only way to do this then unless you make a button to do that if a error happens
Submitted by JamieCameron on Wed, 09/09/2009 - 17:45 Comment #5
I'll add a button to clear an invalid SSH host key in the next release.
Submitted by sgrayban on Wed, 09/09/2009 - 18:34 Comment #6
thanks
Submitted by Issues on Thu, 09/24/2009 - 02:20 Comment #7
Automatically closed -- issue fixed for 2 weeks with no activity.