[prev in list] [next in list] [prev in thread] [next in thread] 

List:       npaci-rocks-discussion
Subject:    [Rocks-Discuss]  Remote host identification has changed!
From:       Beatriz Gaite Castrillo <gaite.beatriz () gmail ! com>
Date:       2017-04-17 12:02:08
Message-ID: CAGYS_RjA7T+cO4xozoR3ot12RdrXWpPVzx07qjH244jwAH1A_A () mail ! gmail ! com
[Download RAW message or body]

Dear all,

I found a problem when connecting by ssh in the recently installed cluster
with a Rocks Cluster 6.2 distribution.
I can connect as root to the frontend or any of the nodes without any
problem. However, when I ssh as a common user from the frontend to
compute-0-0, I can connect but, I get the following message (it only
happens when connecting to compute-0-0, not when connecting to any other
compute node):

*ssh compute-0-0*

*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*

*@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @*

*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@*

*IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!*

*Someone could be eavesdropping on you right now (man-in-the-middle
attack)!*

*It is also possible that the RSA host key has just been changed.*

*The fingerprint for the RSA key sent by the remote host is*

*4a:c6:a1:80:8a:53:7f:c4:1b:80:8e:9f:c0:fc:42:25.*

*Please contact your system administrator.*

*Add correct host key in /home/prueba/.ssh/known_hosts to get rid of this
message.*

*Offending key in /etc/ssh/ssh_known_hosts:9*

*Password authentication is disabled to avoid man-in-the-middle attacks.*

*Keyboard-interactive authentication is disabled to avoid man-in-the-middle
attacks.*

*Agent forwarding is disabled to avoid man-in-the-middle attacks.*

*X11 forwarding is disabled to avoid man-in-the-middle attacks.*


The difference of ~/.ssh/known_hosts amongst nodes is:
frontend:~root/.ssh/known_hosts contains a compute-0-0 host-key (different
host key that in /etc/ssh/ssh_known_hosts).
compute-0-0:~root/.ssh/known_hosts contains the same compute-0-0 host-key
that frontend:~root/.ssh/known_hosts.
The file ~root/.ssh/known_hosts does not exist on the other compute nodes.

In the case of a common user:
frontend:~/.ssh/known_hosts contains the same information that
~root/.ssh/known_hosts.
The file ~/.ssh/known_hosts does not exist in any compute node.

It seems that the problem comes from the of compute-0-0 host key being
included in ~/.ssh/known_hosts.

Firstly, I do not know the reason why only compute-0-0 key it is included
in .ssh/known_hosts.

Secondly, it also seems I can ssh to compute-0-0 and work in it, so I
suppose it does not imply consequences to Torque node
process distribution. Anyone can confirm this?

Thirdly, any idea of how can I solved this without any additional cluster
configuration consequences?

I appreciate your help in advance.

Beatriz Gaite
Spanish National Seismological Network
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20170417/ce6d3e9b/attachment.html \



[prev in list] [next in list] [prev in thread] [next in thread]