It seems that my ssh key is changed nightly. It's not clear why. My setup is Proxmox 8.0.4 Cluster with 3 identical nodes. The nodes are pve-node-01, 02, and 03. I've observed this consistent pattern when using the node shell from the cluster web ui:
Read this as, if I'm on the web-ui pve-node-01, then I can access pve-node-01 and pve-node-02 fine via the node shell, but pve-node-03 does not work. The only time I can shell to all three hosts in the cluster is when I access the web-ui from pve-node-03. The error message about the host key is shown below.
I can resolve this temporarily by ssh into pve-node-03 and running pvecm updatecerts. After that pve-node-03 is reachable via the shell from pve-node-01 and pve-node-02 again.
This is what I see from the shell when trying to access pve-node-03 from the web-ui of pre-node-01
Code:
https://pve-node-01:
shell pve-node-01 - yes
shell pve-node-02 - yes
shell pve-node-03 - no
https://pve-node-02:
shell pve-node-01 - yes
shell pve-node-02 - yes
shell pve-node-03 - no
https://pve-node-03:
shell pve-node-01 - yes
shell pve-node-02 - yes
shell pve-node-03 - yes
Read this as, if I'm on the web-ui pve-node-01, then I can access pve-node-01 and pve-node-02 fine via the node shell, but pve-node-03 does not work. The only time I can shell to all three hosts in the cluster is when I access the web-ui from pve-node-03. The error message about the host key is shown below.
I can resolve this temporarily by ssh into pve-node-03 and running pvecm updatecerts. After that pve-node-03 is reachable via the shell from pve-node-01 and pve-node-02 again.
Code:
root@pve-node-03:~# pvecm nodes
Membership information
----------------------
Nodeid Votes Name
1 1 pve-node-03 (local)
2 1 pve-node-02
3 1 pve-node-01
This is what I see from the shell when trying to access pve-node-03 from the web-ui of pre-node-01
Code:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:mYBW+vBgs2iPwZzrOtPTI0R5Gq5SYtzMDXM6743LQtk.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /etc/ssh/ssh_known_hosts:2
remove with:
ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "192.168.200.103"
Host key for 192.168.200.103 has changed and you have requested strict checking.
Host key verification failed.