[SOLVED] Host key verification failed when migrate

H

huky

Renowned Member
Jul 1, 2016
70
3
73
44
Chongqing, China
I have a PVE cluster with 6 nodes. It run well in the last year.
I upgrade from v4.4 to v5.1 today, now i can not migrate any vm or ct

2018-02-24 20:19:57 # /usr/bin/ssh -e none -o 'BatchMode=yes' -o 'HostKeyAlias=ynode004' root@172.16.100.4 /bin/true
2018-02-24 20:19:57 Host key verification failed.
2018-02-24 20:19:57 ERROR: migration aborted (duration 00:00:00): Can't connect to destination address using public key
TASK ERROR: migration aborted

any node can login in each other via ssh

I have exec pvecm updatecerts and restart pve-cluster pvedaemin pveproxy

so, what's wrong with the cluster?



clear .ssh/known_hosts to solve it

Code: 
> .ssh/known_hosts
 
Last edited:
Hi,

you have to add your node to the ssh_known_hosts.

This can be done with this command.
Code: 
ssh -o 'HostKeyAlias=<Target node Name>' root@<Target node IP>
You have to execute this on every cluster node with each cluster nodes as target.
 
  • Like
Reactions: kerimdk, Ultranium, hanturaya and 7 others
wolfgang said:
Hi,

you have to add your node to the ssh_known_hosts.

This can be done with this command.
Code: 
ssh -o 'HostKeyAlias=<Target node Name>' root@<Target node IP>
You have to execute this on every cluster node with each cluster nodes as target.
Click to expand...

thank your reply, I exec on every node, but the error is still:

2018-02-26 19:47:26 # /usr/bin/ssh -e none -o 'BatchMode=yes' -o 'HostKeyAlias=ynode001' root@172.16.100.1 /bin/true
2018-02-26 19:47:26 Host key verification failed.
2018-02-26 19:47:26 ERROR: migration aborted (duration 00:00:00): Can't connect to destination address using public key
TASK ERROR: migration aborted

I exec cmd again , get the same result:

Offending key for IP in /root/.ssh/known_hosts:11
Matching host key in /etc/ssh/ssh_known_hosts:1
Are you sure you want to continue connecting (yes/no)?

should i delete one of lines?


yeah! I delete line 11 in /root/.ssh/known_hosts

migrate is work!

thanks again!
 
Last edited:
Hi, sorry to raise an old thread, but I am experiencing the same problem. ON executing the command, I simply get a timeout
 
wolfgang said:
Hi,

you have to add your node to the ssh_known_hosts.

This can be done with this command.
Code: 
ssh -o 'HostKeyAlias=<Target node Name>' root@<Target node IP>
You have to execute this on every cluster node with each cluster nodes as target.
Click to expand...
Do you happen to know why this might have happened after a proxmox upgrade? It looks like a rather huge bug, even if it's supposed to be relatively easy to fix.
 
I have this same error but .. this is different than what has been discussed here

This is Proxmox 7.2 and I just added this node to the cluster. All other cluster nodes can access this new node without a password but this new node can't access any of the other nodes in the cluster without a password. So when attempting to migrate I get the same error as this thread about Host key verification failing

Is there a missing file that didn't get copied to the new node during cluster join?
 
Is the best way to fix this to simply use "ssh-copy-id" and copy this new hosts ID to each of the other nodes in the cluster because somehow it didn't happen during the join? or is there a much better way of making it happen?
 
I added this new node's id_rsa.pub contents to /etc/pve/priv/authorized_keys

This has made it so that I can sign in via ssh to all the other nodes without a password but I'm still getting the error of "Host key verification failed" when trying to migrate

No, there's no issue with the .ssh/known_hosts file .. that's been updated across the cluster

What else is left for the "Host key verification failed" error to go away? What else is needed in migration?
 
Ok, so, I restarted pveproxy on the node that I'm accessing Proxmox GUI through and that has done it .. a VM is now migrating to that node

Can someone please iterate what things can go wrong during the cluster join process that could cause this sort of thing? What things need to be in order? What could cause certificate errors? How a node's ID could end not getting copied to the authorized_keys file?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back