Question about PVE cluster, replacing a server

nethfel

Hi all,

I had a node fail (hard drive crash).
So I removed the entry from the cluster (pvecm delnode).
I then re-installed Proxmox 3.4, named it the same name (the box needed to remain named that way for in-house reasons), did all of the updates, and joined it to the cluster.
So far so good.
I installed a single VM on it.
I then tried to open a console to it, which failed (I was on the web interface through another machine in the cluster).
Realized it was using the ssh key in known_hosts for the connection, so on the other two boxes, logged in as root, I backed up the offending known_hosts file and then cleared out the known_hosts file under /root/.ssh on the two other boxes in the cluster.
NOVNC console now worked fine regardless of which node I'm logged into.

Now, although it's all working, I'm concerned if I've missed something or need to do something different; only one machine has an entry in known_hosts - the one I just rebuilt and added to the network. I know there is also an /etc/ssh/known_hosts, but the entries in there are in a format I don't recognize and I'm not sure if/how it would need to be adjusted.

This is the actual message that would pop up:

Code:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
<FINGERPRINT DELETED>
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /etc/ssh/ssh_known_hosts:6
ECDSA host key for 172.16.6.10 has changed and you have requested strict checking.
Host key verification failed.

With the known_hosts entries cleared in /root/.ssh I can ssh to/from any of the boxes without passwords, and the web interface appears to be working, but I'm concerned I'm overlooking something. Any tips would be appreciated.
 
Hi,
this happens because of the new key.
In this case you can be sure that it is not a man-in-the-middle attack. You can also simply remove the old pub-key in known_host (line 6).

Udo
 
Heh, yes - I knew what the error was about originally (protection against man in the middle) :) My concern was more about whether anything else needed to be adjusted, changed or copied in doing this (replacing a failed server with a fresh install with the same name) - it now seems to be limited to the entry in /etc/ssh/ssh_known_hosts (which, although not causing a problem since I cleared the /root/.ssh/known_hosts, I might as well clear off just to be safe). Thanks for the response; it pretty much confirmed what I felt was the case, but I just wanted to be sure.
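
The cleanup discussed in this thread, as an added example that is not part of the original posts: instead of emptying a whole known_hosts file, it drops only the entries for the rebuilt node whose key differs from one verified out-of-band, and it also matches OpenSSH's hashed host fields (`|1|salt|hash`). The node names, the other IP addresses and the key blobs are constructed placeholders; only 172.16.6.10 comes from the error message above.

```python
import base64
import hashlib
import hmac


def hash_host(host, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field, host):
    """True if a known_hosts host field names `host` (wildcard patterns are not handled)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")


def prune_stale(lines, names, verified):
    """Drop entries for `names` whose (keytype, key) is not in `verified`.

    Returns (kept_lines, removed_line_numbers); every other host stays pinned.
    """
    kept, removed = [], []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        # Comments and @cert-authority / @revoked marker lines are kept untouched.
        is_entry = len(fields) >= 3 and fields[0][0] not in "#@"
        if (is_entry and any(host_matches(fields[0], n) for n in names)
                and (fields[1], fields[2]) not in verified):
            removed.append(number)
        else:
            kept.append(line)
    return kept, removed


# Constructed sample: key blobs are placeholders, not real keys.
SAMPLE = [
    "# cluster host keys",
    "node1,172.16.6.11 ssh-rsa AAAA-node1-key",
    "node2,172.16.6.12 ssh-rsa AAAA-node2-key",
    "node3 ssh-rsa AAAA-node3-OLD-key",
    hash_host("172.16.6.10", b"constructed-salt") + " ssh-rsa AAAA-node3-OLD-key",
    "node3,172.16.6.10 ssh-rsa AAAA-node3-NEW-key",
]
# Assumed to have been read on the rebuilt node's own console, not over the network.
VERIFIED = {("ssh-rsa", "AAAA-node3-NEW-key")}

if __name__ == "__main__":
    kept, removed = prune_stale(SAMPLE, ["node3", "172.16.6.10"], VERIFIED)
    print("removed lines:", removed)
```

OpenSSH's own `ssh-keygen -R <host> -f <file>` removes every key for a host from a file, but it does not compare the remaining or new key against a verified one.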
 
