[TUTORIAL] SSH Host Key Certificates - How to bypass SSH known_hosts bug(s)

[esi_y]

DISCLAIMER: As became apparent over some troubleshooting under this post, please take note there are also genuine cases where networking or SSH itself has been misconfigured and the error message you have encountered is genuine, i.e. you are connecting to the wrong host. If you properly follow this tutorial in what you suspected was just a PVE bug and it does not resolve your issue, you can continue troubleshooting further. This tutorial does not cause further misconfiguration, it is simply adding alternative means of host verification that bypass the bug.

As of PVE 8.1, there's still a bug where running pvecm updatecerts deletes all but the oldest (instead of newest) SSH keys from the shared cluster-wide known_hosts file which then causes issues manifesting themselves through WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! and Offending RSA key in /etc/ssh/ssh_known_hosts:$lineno and remove with: ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "$alias", which then breaks the symlink into pmxcfs and makes one dig even deeper into the troubleshooting rabbit hole.

This is a simple streamlined process to either prevent this issue or get out of it without having to do potentially risky Perl file patching or deleting keys one might have wished to otherwise retain. It bypasses the known_hosts corruption issue by using SSH certificates for the purpose of remote host authentication, it does NOT change the behaviour in relation to the user authorisation (related to the authorized_keys file).

Assuming the cluster is otherwise healthy and has quorum and no connectivity issues, except for disrupted SSH connections, e.g. proxying console/shell, secure local-storage migration and replication, but also QDevice setup. See also [1].

There's an existing Certification Authority (CA) used in PVE - see also [2], currently only for SSL connections, but as SSH certificates are nothing more than CA-signed SSH keys with associated IDs (principals), it is easiest to reuse the said CA (see note (i)):

In any single node's root shell perform once (the location is shared for all nodes in the cluster):

# openssl x509 -in /etc/pve/pve-root-ca.pem -inform pem -pubkey -noout | ssh-keygen -f /dev/stdin -i -m PKCS8 > /etc/pve/pve-root-ca.pub
# echo "@cert-authority * `cat /etc/pve/pve-root-ca.pub`" >> /etc/ssh/ssh_known_hosts

This converts the CA certificate to a format needed for SSH and adds any current or future SSH key signed by the CA as recognized by any node of the cluster as valid, even in case of other conflicting entries present.

On each individual node (you may want to automate this in case of large cluster), the respective host key then needs to be signed and set for the node:

# ssh-keygen -I `hostname` -s /etc/pve/priv/pve-root-ca.key -h -n `(hostname -s; hostname -f; hostname -I | xargs -n1) | paste -sd,` /etc/ssh/ssh_host_ed25519_key.pub
# echo "HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub" >> /etc/ssh/sshd_config.d/PVEHostCertificate.conf

This makes use of Ed25519 keys, it did however use the RSA (albeit 4096bit) CA's key to sign them. If you have any specific reason, you may of course opt for any other SSH keys in /etc/ssh/ to be used here, not necessarily Ed25519. See also note (ii).

Note: The sshd service needs to be restarted for the changes to take effect.

And that's it! From now on, your nodes will be always able to SSH connect to each other. The only annoyance being, all future nodes need to have the two liner executed once. Again, this would be best automated as it does not interfere with the rest of PVE's internals. There's no caveats to this, however, if you do not sign your future nodes' keys and PVE manages to find individual recognised key on record, it will work still. But if you encounter the bug in pvecm updatecerts it will not disrupt connections to those nodes which had signed host keys as the buggy tool safely ignores @cert-authority entries in the known_hosts file.

One final note on how PVE makes use of HostKeyAlias option for SSH connections. This option is always used for e.g. migrations/replications and will make use of specific ID from the known_hosts file irrespective of the hostname or IP address of the node being connected to. If your IDs (principals) listed in the signed keys (see note (ii) include this alias, it will keep working as expected, i.e. it will even work if this is your x-th time introducing a cluster node by the same name (as some dead nodes used to have) as long as its host key is signed. The leftover keys on record are safely ignored then, as they should have been to begin with.

If you end up with multiple records present with the same name that is also the ID listed in the key signed by the CA, the signed key will take precedence as can be checked:

# ssh -vvv -o HostKeyAlias=$alias $ipaddress
...
debug1: Found CA key in /etc/ssh/ssh_known_hosts:$lineno
debug3: check_host_key: certificate host key in use; disabling UpdateHostkeys

If you however failed to list the ID under which your node is recognised by PVE, you will have a failure (only in case it would have failed anyways due to the bug):

#ssh -vvv -o HostKeyAlias=$alias $ipaddress
...
debug1: Host '$alias' is known and matches the ED25519-CERT host certificate.
debug1: Found CA key in /etc/ssh/ssh_known_hosts:$lineno
Certificate invalid: name is not a listed principal
debug1: No matching CA found. Retry with plain key

TESTED ON: pve-manager/8.1.3/b46aac3b42da5d15 (running kernel: 6.5.11-6-pve)

Related bug reports: #4252, #4886

References:
[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_role_of_ssh_in_proxmox_ve_clusters
[2] https://pve.proxmox.com/wiki/Certificate_Management

Notes:
(i) If you wanted to know how much validity there's left for the CA, feel free to check with openssl x509 -in /etc/pve/pve-root-ca.pem -text -noout, it is 10 years as nominally generated by PVE and therefore rotation is a not in scope of this tutorial either.
(ii) If you wish to double check that all the correct IDs (principals) were included in the signed key, you can do so with ssh-keygen -L -f /etc/ssh/ssh_host_ed25519_key-cert.pub. There should be the hostname, FQDN as well as all IP addresses listed. You can, of course, change this list by editing the list within the -n option of ssh-keygen. Please also note there's absolutely no expiry defined for these keys which mimics the default behaviour of PVE regarding SSH key handling.

 

[TimRyan]

As of PVE 8.1, there's still a bug where running pvecm updatecerts deletes all but the oldest (instead of newest) SSH keys from the shared cluster-wide known_hosts file which then causes issues manifesting themselves through WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! and Offending RSA key in /etc/ssh/ssh_known_hosts:$lineno and remove with: ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "$alias", which then breaks the symlink into pmxcfs and makes one dig even deeper into the troubleshooting rabbit hole.

This is a simple streamlined process to either prevent this issue or get out of it without having to do potentially risky Perl file patching or deleting keys one might have wished to otherwise retain. It bypasses the known_hosts corruption issue by using SSH certificates for the purpose of remote host authentication, it does NOT change the behaviour in relation to the user authorisation (related to the authorized_keys file).

Assuming the cluster is otherwise healthy and has quorum and no connectivity issues, except for disrupted SSH connections, e.g. proxying console/shell, secure local-storage migration and replication, but also QDevice setup. See also [1].

There's an existing Certification Authority (CA) used in PVE - see also [2], currently only for SSL connections, but as SSH certificates are nothing more than CA-signed SSH keys with associated IDs (principals), it is easiest to reuse the said CA (see note (i)):

In any single node's root shell perform once (the location is shared for all nodes in the cluster):

# openssl x509 -in /etc/pve/pve-root-ca.pem -inform pem -pubkey -noout | ssh-keygen -f /dev/stdin -i -m PKCS8 > /etc/pve/pve-root-ca.pub
# echo "@cert-authority * `cat /etc/pve/pve-root-ca.pub`" >> /etc/ssh/ssh_known_hosts

This converts the CA certificate to a format needed for SSH and adds any current or future SSH key signed by the CA as recognized by any node of the cluster as valid, even in case of other conflicting entries present.

On each individual node (you may want to automate this in case of large cluster), the respective host key then needs to be signed and set for the node:

# ssh-keygen -I `hostname` -s /etc/pve/priv/pve-root-ca.key -h -n `(hostname -s; hostname -f; hostname -I | xargs -n1) | paste -sd,` /etc/ssh/ssh_host_ed25519_key.pub
# echo "HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub" >> /etc/ssh/sshd_config.d/PVEHostCertificate.conf

This makes use of Ed25519 keys, it did however use the RSA (albeit 4096bit) CA's key to sign them. If you have any specific reason, you may of course opt for any other SSH keys in /etc/ssh/ to be used here, not necessarily Ed25519. See also note (ii).

Note: The sshd service needs to be restarted for the changes to take effect.

And that's it! From now on, your nodes will be always able to SSH connect to each other. The only annoyance being, all future nodes need to have the two liner executed once. Again, this would be best automated as it does not interfere with the rest of PVE's internals. There's no caveats to this, however, if you do not sign your future nodes' keys and PVE manages to find individual recognised key on record, it will work still. But if you encounter the bug in pvecm updatecerts it will not disrupt connections to those nodes which had signed host keys as the buggy tool safely ignores @cert-authority entries in the known_hosts file.

One final note on how PVE makes use of HostKeyAlias option for SSH connections. This option is always used for e.g. migrations/replications and will make use of specific ID from the known_hosts file irrespective of the hostname or IP address of the node being connected to. If your IDs (principals) listed in the signed keys (see note (ii) include this alias, it will keep working as expected, i.e. it will even work if this is your x-th time introducing a cluster node by the same name (as some dead nodes used to have) as long as its host key is signed. The leftover keys on record are safely ignored then, as they should have been to begin with.

If you end up with multiple records present with the same name that is also the ID listed in the key signed by the CA, the signed key will take precedence as can be checked:

# ssh -vvv -o HostKeyAlias=$alias $ipaddress
...
debug1: Found CA key in /etc/ssh/ssh_known_hosts:$lineno
debug3: check_host_key: certificate host key in use; disabling UpdateHostkeys

If you however failed to list the ID under which your node is recognised by PVE, you will have a failure (only in case it would have failed anyways due to the bug):

#ssh -vvv -o HostKeyAlias=$alias $ipaddress
...
debug1: Host '$alias' is known and matches the ED25519-CERT host certificate.
debug1: Found CA key in /etc/ssh/ssh_known_hosts:$lineno
Certificate invalid: name is not a listed principal
debug1: No matching CA found. Retry with plain key

TESTED ON: pve-manager/8.1.3/b46aac3b42da5d15 (running kernel: 6.5.11-6-pve)

Related bug reports: #4252, #4886

References:
[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_role_of_ssh_in_proxmox_ve_clusters
[2] https://pve.proxmox.com/wiki/Certificate_Management

Notes:
(i) If you wanted to know how much validity there's left for the CA, feel free to check with openssl x509 -in /etc/pve/pve-root-ca.pem -text -noout, it is 10 years as nominally generated by PVE and therefore rotation is a not in scope of this tutorial either.
(ii) If you wish to double check that all the correct IDs (principals) were included in the signed key, you can do so with ssh-keygen -L -f /etc/ssh/ssh_host_ed25519_key-cert.pub. There should be the hostname, FQDN as well as all IP addresses listed. You can, of course, change this list by editing the list within the -n option of ssh-keygen. Please also note there's absolutely no expiry defined for these keys which mimics the default behaviour of PVE regarding SSH key handling.

 

[esi_y]

Past related threads running into this issue:

- 2023-11-02 https://forum.proxmox.com/threads/pvecm-updatecert-f-not-working.135812/

- 2023-09-01 https://forum.proxmox.com/threads/p...eps-changing-in-cluster-after-upgrade.133030/

- 2023-07-22 https://forum.proxmox.com/threads/host-key-verification-failed.131026/

- 2023-06-06 https://forum.proxmox.com/threads/need-help-with-this-strange-error.128495/

- 2023-05-22 https://forum.proxmox.com/threads/unable-to-migrate-vm-from-one-node-to-another.127791/

...

- 2020-12-30 https://forum.proxmox.com/threads/error-500-cant-activate-storage-storage1-on-node-nodeb.81606/

...

- 2013-05-30 https://forum.proxmox.com/threads/migration-issue-after-replacing-a-node.13968/

 

[esi_y]

This week, related posts:

https://forum.proxmox.com/threads/v...rom-8-1-1-november-23-iso.137502/#post-615709

https://forum.proxmox.com/threads/s...n-host-key-verification-failed-errors.138102/

https://forum.proxmox.com/threads/sdn-broken-after-setting-vnet-tags-to-1-and-2.138190/#post-616264

 

[esi_y]

Short summary for anyone encountering this and other options:
https://forum.proxmox.com/threads/cannot-migrate-vm-ct-due-to-ssh-key-error.133560/#post-614183

 

[RNab]

Hey.
Sorry to post here, do let me know if I should create a new topic.

I have a 3 nodes cluster, and one of them kept having this SSH Key issue. I followed the above steps carefully, and since then, I'm getting a lot of UI errors (ie, the WebUI of one of the node can't interact with the other nodes, as I get many "connection error").
I'm not sure if it is related to this but could you give me a hand to fix it ?

 

[esi_y]

Hey.
Sorry to post here, do let me know if I should create a new topic.

I have a 3 nodes cluster, and one of them kept having this SSH Key issue. I followed the above steps carefully, and since then, I'm getting a lot of UI errors (ie, the WebUI of one of the node can't interact with the other nodes, as I get many "connection error").
I'm not sure if it is related to this but could you give me a hand to fix it ?

I would suggest to create a new thread for the troubleshooting part, but I am not ashamed to find out if it was caused by what I had posted here and then update it to here, just avoid extra thread noise. Do you mind create a new topic (update your comment with link to it), feel free to link into which exact steps you followed (whether the tutorial or some of the alternative options like patch or cleaning up the file entirely), what you had done before to get to the error and more details about the cluster?

EDIT: @RNab contacted me soon after that he had to "do a pveproxy restart and pvestatd restart, on each node", as these are related to SSL and not SSH, I can only speculate these were completely unrelated. Happy to troubleshoot / backtrack this further though.

 

[ctrlbrk]

Is this bug still present in 8.1.4?

Trying to decide if I need to try such a risky maneuver or if this isn't going to help my ssh key issues

 

[esi_y]

It is - you can see in the linked bugs as none of them is RESOLVED.

What are the risks that you perceive? It's adding keys that your nodes will recognise as valid, it's not removing anything.

The riskier approach is to completely wipe /etc/pve/priv/known_hosts and then run pvecm updatecerts on every node. That will fix your issue until it reappears later on due to the bug again.

 

[ctrlbrk]

It is - you can see in the linked bugs as none of them is RESOLVED.

What are the risks that you perceive? It's adding keys that your nodes will recognise as valid, it's not removing anything.

The riskier approach is to completely wipe /etc/pve/priv/known_hosts and then run pvecm updatecerts on every node. That will fix your issue until it reappears later on due to the bug again.

Ok, I did it on the two nodes (third is qdevice, assumed no need to touch).

Restarted ssh. Went to a replication job, scheduled, and log looks same as before I issued the commands:

2024-03-03 13:02:02 102-0: (remote_prepare_local_job) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) Someone could be eavesdropping on you right now (man-in-the-middle attack)!
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) It is also possible that a host key has just been changed.
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) The fingerprint for the ED25519 key sent by the remote host is
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) SHA256:BcZpML7q+U6nUn4YoHj9Qr+uzqT1ZAnFfFxBSaOmj+s.
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) Please contact your system administrator.
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) Add correct host key in /root/.ssh/known_hosts to get rid of this message.
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) Offending RSA key in /etc/ssh/ssh_known_hosts:5
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) remove with:
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "pve2"
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) Host key for pve2 has changed and you have requested strict checking.
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) Host key verification failed.
2024-03-03 13:02:02 102-0: end replication job with error: command '/usr/bin/ssh -e none -o 'BatchMode=yes' -o 'HostKeyAlias=pve2' root@192.168.1.252 -- pvesr prepare-local-job 102-0 --scan local-zfs local-zfs:vm-102-disk-0 --last_sync 1709486105' failed: exit code 255

 

[esi_y]

Ok, I did it on the two nodes (third is qdevice, assumed no need to touch).

Please be more specific - which of the steps did you run. Best if you show history on both nodes.

Restarted ssh. Went to a replication job, scheduled, and log looks same as before I issued the commands:

2024-03-03 13:02:02 102-0: (remote_prepare_local_job) Offending RSA key in /etc/ssh/ssh_known_hosts:5
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) remove with:
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "pve2"
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) Host key for pve2 has changed and you have requested strict checking.
2024-03-03 13:02:02 102-0: (remote_prepare_local_job) Host key verification failed.
2024-03-03 13:02:02 102-0: end replication job with error: command '/usr/bin/ssh -e none -o 'BatchMode=yes' -o 'HostKeyAlias=pve2' root@192.168.1.252 -- pvesr prepare-local-job 102-0 --scan local-zfs local-zfs:vm-102-disk-0 --last_sync 1709486105' failed: exit code 255

I suspect you might have broken links from previously having run the "advised" ssh-keygen -f -R.

Can you show from both nodes:
ls -l /etc/ssh/ssh_known_hosts

 

[ctrlbrk]

Please be more specific - which of the steps did you run. Best if you show history on both nodes.



I suspect you might have broken links from previously having run the "advised" ssh-keygen -f -R.

Can you show from both nodes:
ls -l /etc/ssh/ssh_known_hosts

Thank you for responding.

01:22 PM [pve]~ root # ls -l /etc/ssh/ssh_known_hosts
lrwxrwxrwx 1 root root 25 Mar 3 12:52 /etc/ssh/ssh_known_hosts -> /etc/pve/priv/known_hosts
01:22 PM [pve]~ root #

pve/node 1:

1545 openssl x509 -in /etc/pve/pve-root-ca.pem -inform pem -pubkey -noout | ssh-keygen -f /dev/stdin -i -m PKCS8 > /etc/pve/pve-root-ca.pub
1546 echo "@cert-authority * `cat /etc/pve/pve-root-ca.pub`" >> /etc/ssh/ssh_known_hosts
1547 ssh-keygen -I `hostname` -s /etc/pve/priv/pve-root-ca.key -h -n `(hostname -s; hostname -f; hostname -I | xargs -n1) | paste -sd,` /etc/ssh/ssh_host_ed25519_key.pub
1548 echo "HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub" >> /etc/ssh/sshd_config.d/PVEHostCertificate.conf
1549 service ssh restart

pve2/node 2:

354 ssh-keygen -I `hostname` -s /etc/pve/priv/pve-root-ca.key -h -n `(hostname -s; hostname -f; hostname -I | xargs -n1) | paste -sd,` /etc/ssh/ssh_host_ed25519_key.pub
355 echo "HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub" >> /etc/ssh/sshd_config.d/PVEHostCertificate.conf
356 service ssh restart

 

[esi_y]

Thank you for responding.

01:22 PM [pve]~ root # ls -l /etc/ssh/ssh_known_hosts
lrwxrwxrwx 1 root root 25 Mar  3 12:52 /etc/ssh/ssh_known_hosts -> /etc/pve/priv/known_hosts
01:22 PM [pve]~ root #

Also from the other node, please.

pve/node 1:

1545  openssl x509 -in /etc/pve/pve-root-ca.pem -inform pem -pubkey -noout | ssh-keygen -f /dev/stdin -i -m PKCS8 > /etc/pve/pve-root-ca.pub
 1546  echo "@cert-authority * `cat /etc/pve/pve-root-ca.pub`" >> /etc/ssh/ssh_known_hosts
 1547  ssh-keygen -I `hostname` -s /etc/pve/priv/pve-root-ca.key -h -n `(hostname -s; hostname -f; hostname -I | xargs -n1) | paste -sd,` /etc/ssh/ssh_host_ed25519_key.pub
 1548  echo "HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub" >> /etc/ssh/sshd_config.d/PVEHostCertificate.conf
 1549  service ssh restart

pve2/node 2:

354  ssh-keygen -I `hostname` -s /etc/pve/priv/pve-root-ca.key -h -n `(hostname -s; hostname -f; hostname -I | xargs -n1) | paste -sd,` /etc/ssh/ssh_host_ed25519_key.pub
  355  echo "HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub" >> /etc/ssh/sshd_config.d/PVEHostCertificate.conf
  356  service ssh restart

 

[ctrlbrk]

Also from the other node, please.

01:32 PM [pve2]~ root # ls -l /etc/ssh/ssh_known_hosts
lrwxrwxrwx 1 root root 25 Mar 3 12:52 /etc/ssh/ssh_known_hosts -> /etc/pve/priv/known_hosts
01:32 PM [pve2]~ root #

 

[ctrlbrk]

# pvecm status
Cluster information
-------------------
Name: ifire
Config Version: 11
Transport: knet
Secure auth: on

Quorum information
------------------
Date: Sun Mar 3 13:33:01 2024
Quorum provider: corosync_votequorum
Nodes: 2
Node ID: 0x00000001
Ring ID: 1.4bd
Quorate: Yes

Votequorum information
----------------------
Expected votes: 3
Highest expected: 3
Total votes: 2
Quorum: 2
Flags: Quorate Qdevice

Membership information
----------------------
Nodeid Votes Qdevice Name
0x00000001 1 A,NV,NMW 192.168.1.251 (local)
0x00000002 1 NR 192.168.1.252
0x00000000 0 Qdevice (votes 1)

 

[esi_y]

Alright, let's investigate this then. I suppose the replication job is meant to run from pve to pve2 - please confirm.

Can you post output of (enclose all in [ CODE ] [ /CODE ] tags):

pve# /usr/bin/ssh -vvv -o 'HostKeyAlias=pve2' root@192.168.1.252 -- /bin/true

 

[ctrlbrk]

Alright, let's investigate this then. I suppose the replication job is meant to run from pve to pve2 - please confirm.

Can you post output of (enclose all in [ CODE ] [ /CODE ] tags):

pve# /usr/bin/ssh -vvv -o 'HostKeyAlias=pve2' root@192.168.1.252 -- /bin/true

That is correct.

01:51 PM [pve]~ root # /usr/bin/ssh -vvv -o 'HostKeyAlias=pve2' root@192.168.1.252 -- /bin/true
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 2: Applying options for *
debug1: /root/.ssh/config line 12: Applying options for 192.168.1.252
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.1.251 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.1.251 [192.168.1.251] port 212.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+deb12u2
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2+deb12u2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.251:212 as 'root'
debug1: using hostkeyalias: pve2
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug3: record_hostkey: found key type RSA in file /etc/ssh/ssh_known_hosts:5
debug3: record_hostkey: found ca key type RSA in file /etc/ssh/ssh_known_hosts:17
debug3: load_hostkeys_file: loaded 2 keys from pve2
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519-cert-v01@openssh.com
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host certificate: ssh-ed25519-cert-v01@openssh.com SHA256:BcZpML7q+U6nUn4YoHj9Qr+uzqT1ZAnFfFxBSaOmj+s, serial 0 ID "pve.ifire.net" CA ssh-rsa SHA256:YlbjnKqsNV4sNWRmiS5DQ+p3ZpnFw9RBrXVQXl8CM/c valid forever
debug2: Server host certificate hostname: pve
debug2: Server host certificate hostname: pve
debug2: Server host certificate hostname: 216.18.207.194
debug2: Server host certificate hostname: 192.168.1.251
debug2: Server host certificate hostname: 100.109.207.73
debug3: put_host_port: [192.168.1.251]:212
debug1: using hostkeyalias: pve2
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug3: record_hostkey: found key type RSA in file /etc/ssh/ssh_known_hosts:5
debug3: record_hostkey: found ca key type RSA in file /etc/ssh/ssh_known_hosts:17
debug3: load_hostkeys_file: loaded 2 keys from pve2
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'pve2' is known and matches the ED25519-CERT host certificate.
debug1: Found CA key in /etc/ssh/ssh_known_hosts:17
Certificate invalid: name is not a listed principal
debug1: No matching CA found. Retry with plain key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:BcZpML7q+U6nUn4YoHj9Qr+uzqT1ZAnFfFxBSaOmj+s.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /etc/ssh/ssh_known_hosts:5
remove with:
ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "pve2"
Host key for pve2 has changed and you have requested strict checking.
Host key verification failed.

 

[esi_y]

That is correct.

01:51 PM [pve]~ root # /usr/bin/ssh -vvv -o 'HostKeyAlias=pve2' root@192.168.1.252 -- /bin/true
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 2: Applying options for *
debug1: /root/.ssh/config line 12: Applying options for 192.168.1.252
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.1.251 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/root/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/root/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.1.251 [192.168.1.251] port 212.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+deb12u2
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2+deb12u2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.1.251:212 as 'root'
debug1: using hostkeyalias: pve2
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug3: record_hostkey: found key type RSA in file /etc/ssh/ssh_known_hosts:5
debug3: record_hostkey: found ca key type RSA in file /etc/ssh/ssh_known_hosts:17
debug3: load_hostkeys_file: loaded 2 keys from pve2
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519-cert-v01@openssh.com
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host certificate: ssh-ed25519-cert-v01@openssh.com SHA256:BcZpML7q+U6nUn4YoHj9Qr+uzqT1ZAnFfFxBSaOmj+s, serial 0 ID "pve.ifire.net" CA ssh-rsa SHA256:YlbjnKqsNV4sNWRmiS5DQ+p3ZpnFw9RBrXVQXl8CM/c valid forever
debug2: Server host certificate hostname: pve
debug2: Server host certificate hostname: pve
debug2: Server host certificate hostname: 216.18.207.194
debug2: Server host certificate hostname: 192.168.1.251
debug2: Server host certificate hostname: 100.109.207.73
debug3: put_host_port: [192.168.1.251]:212
debug1: using hostkeyalias: pve2
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug3: record_hostkey: found key type RSA in file /etc/ssh/ssh_known_hosts:5
debug3: record_hostkey: found ca key type RSA in file /etc/ssh/ssh_known_hosts:17
debug3: load_hostkeys_file: loaded 2 keys from pve2
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'pve2' is known and matches the ED25519-CERT host certificate.
debug1: Found CA key in /etc/ssh/ssh_known_hosts:17
Certificate invalid: name is not a listed principal
debug1: No matching CA found. Retry with plain key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:BcZpML7q+U6nUn4YoHj9Qr+uzqT1ZAnFfFxBSaOmj+s.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /etc/ssh/ssh_known_hosts:5
  remove with:
  ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "pve2"
Host key for pve2 has changed and you have requested strict checking.
Host key verification failed.

Alright, the reason it does not work is:

debug1: Found CA key in /etc/ssh/ssh_known_hosts:17
Certificate invalid: name is not a listed principal
debug1: No matching CA found. Retry with plain key

Either you scroll up in your terminal and see what the key was generated for on pve2, there will be a line like:

Signed host key /etc/ssh/ssh_host_ed25519_key-cert.pub: id ...

Or if it's too much hassle let's check explicitly:

pve2# ssh-keygen -L -f /etc/ssh/ssh_host_ed25519_key-cert.pub

(Note: You likely have the same issue other way around, so will need to regenerate both certs for both nodes.)

 

[ctrlbrk]

From pve1:

02:09 PM [pve]~ root # ssh-keygen -L -f /etc/ssh/ssh_host_ed25519_key-cert.pub
/etc/ssh/ssh_host_ed25519_key-cert.pub:
Type: ssh-ed25519-cert-v01@openssh.com host certificate
Public key: ED25519-CERT SHA256:BcZpML7q+U6nUn4YoHj9Qr+uzqT1ZAnFfFxBSaOmj+s
Signing CA: RSA SHA256:YlbjnKqsNV4sNWRmiS5DQ+p3ZpnFw9RBrXVQXl8CM/c (using rsa-sha2-512)
Key ID: "pve.ifire.net"
Serial: 0
Valid: forever
Principals:
pve
pve
216.18.207.194
192.168.1.251
100.109.207.73
Critical Options: (none)
Extensions: (none)

From pve2:

02:08 PM [pve2]~ root # ssh-keygen -L -f /etc/ssh/ssh_host_ed25519_key-cert.pub
/etc/ssh/ssh_host_ed25519_key-cert.pub:
Type: ssh-ed25519-cert-v01@openssh.com host certificate
Public key: ED25519-CERT SHA256:fh8LJ2oXlEf84BQ34VYYdRF6mTQwN0sU84ZrPvV4AnI
Signing CA: RSA SHA256:YlbjnKqsNV4sNWRmiS5DQ+p3ZpnFw9RBrXVQXl8CM/c (using rsa-sha2-512)
Key ID: "pve2.ifire.net"
Serial: 0
Valid: forever
Principals:
pve2
pve2
192.69.210.50
192.168.1.252
100.114.244.3
fd7a:115c:a1e0::e872:f403
Critical Options: (none)
Extensions: (none)
02:08 PM [pve2]~ root #

 

[esi_y]

This is becoming more and more fun, so higher up you had:

1:51 PM [pve]~ root # /usr/bin/ssh -vvv -o 'HostKeyAlias=pve2' root@192.168.1.252 -- /bin/true

OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023

...

debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host certificate: ssh-ed25519-cert-v01@openssh.com SHA256:BcZpML7q+U6nUn4YoHj9Qr+uzqT1ZAnFfFxBSaOmj+s, serial 0 ID "pve.ifire.net" CA ssh-rsa SHA256:YlbjnKqsNV4sNWRmiS5DQ+p3ZpnFw9RBrXVQXl8CM/c valid forever
debug2: Server host certificate hostname: pve
debug2: Server host certificate hostname: pve
debug2: Server host certificate hostname: 216.18.207.194
debug2: Server host certificate hostname: 192.168.1.251
debug2: Server host certificate hostname: 100.109.207.73
debug3: put_host_port: [192.168.1.251]:212

...

Now on the target machine (pve2):

02:08 PM [pve2]~ root # ssh-keygen -L -f /etc/ssh/ssh_host_ed25519_key-cert.pub

/etc/ssh/ssh_host_ed25519_key-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com host certificate
        Public key: ED25519-CERT SHA256:fh8LJ2oXlEf84BQ34VYYdRF6mTQwN0sU84ZrPvV4AnI
        Signing CA: RSA SHA256:YlbjnKqsNV4sNWRmiS5DQ+p3ZpnFw9RBrXVQXl8CM/c (using rsa-sha2-512)
        Key ID: "pve2.ifire.net"
        Serial: 0
        Valid: forever
        Principals:
                pve2
                pve2
                192.69.210.50
                192.168.1.252
                100.114.244.3
                fd7a:115c:a1e0::e872:f403

It's almost like the host key cert is correct on the machine pve2, but when you were connecting you got the other one (of the node itself).

The connection goes by the IP address to begin with, it would help to double check what was happening at the same time on the target machine by checking its logs.

Can you post:

pve2# journalctl -u ssh --since "2024-03-03 13:50"