[rancid] Re: New device on .cloginrc

Mahaffey, Brian bmahaffey at pelco.com
Tue Apr 13 20:28:59 UTC 2010


http://lmgtfy.com/?q=Offending+key+in+%2Froot%2F.ssh%2Fknown_hosts

rm -rf /root/.ssh/known_hosts


-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Wagner Pereira
Sent: Tuesday, April 13, 2010 1:20 PM
To: Rancid Mailing List
Subject: [rancid] Re: New device on .cloginrc

Ryan,

I changed this:
add method 10.0.0.2 {telnet} {ssh}

To this:
add method 10.0.0.2 {ssh} {telnet}


But now, the error has changed...(ok, if  "Update the SSH known_hosts 
file accordingly." is the answer, how can I do that?)

-----------------------
/home/rancid/bin/clogin 10.0.0.2
10.0.0.2
spawn telnet 10.0.0.2
Trying 10.0.0.2...
telnet: Unable to connect to remote host: Connection refused
spawn ssh -c 3des -x -l root 10.0.0.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
8f:23:61:b6:03:36:e0:7c:d2:e6:5c:0c:37:5d:c5:fe.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for 10.0.0.2 has changed and you have requested strict 
checking.
Host key verification failed.

Error: The host key for 10.0.0.2 has changed.  Update the SSH 
known_hosts file accordingly.
-----------------------

-- 

Wagner Pereira

PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901


Em 13/4/2010 16:54, Ryan West escreveu:
> Command line check that you connect to that device using telnet or ssh.  If you can't, fix that first.  If you want to connect via SSH, then change your connection method in your .cloginrc file.
>
> -ryan
>
>    
>> -----Original Message-----
>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-
>> bounces at shrubbery.net] On Behalf Of Wagner Pereira
>> Sent: Tuesday, April 13, 2010 3:47 PM
>> Cc: rancid-discuss at shrubbery.net
>> Subject: [rancid] Re: New device on .cloginrc
>>
>> Ryan,
>>
>> You were right concerning to the rsa key.
>>
>> I ran the "crypto key generate rsa" command in my Cisco router, choosing
>> 1024 bits. It worked.
>>
>> But now the error changed, as follows (it seems like the ssh connection
>> method was not tried):
>>
>> ---------------------
>> /home/rancid/bin/clogin 10.0.0.2
>> 10.0.0.2
>> spawn telnet 10.0.0.2
>> Trying 10.0.0.2...
>> telnet: Unable to connect to remote host: No route to host
>>
>> Error: Couldn't login: 10.0.0.2
>> ---------------------
>>
>> What's next?
>>
>> --
>>
>> Wagner Pereira
>>
>> PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
>> CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
>> http://www.pop-sp.rnp.br
>> Tel. (11) 3091-8901
>>
>>
>> Em 13/4/2010 10:41, Ryan West escreveu:
>>      
>>>
>>>        
>>>> -----Original Message-----
>>>> Sent: Tuesday, April 13, 2010 9:34 AM
>>>> To: rancid-discuss at shrubbery.net
>>>> Subject: [rancid] Re: New device on .cloginrc
>>>>
>>>> Hi, Marty.
>>>>
>>>> It sounds wrong, I suppose, because the Rancid is still running over
>>>> other device perfectly.
>>>>
>>>> Then, I ran this:
>>>> ----------------------
>>>> /home/rancid/bin/clogin 10.0.0.2
>>>> 10.0.0.2
>>>> spawn telnet 10.0.0.2
>>>> Trying 10.0.0.2...
>>>> telnet: Unable to connect to remote host: Connection refused
>>>> spawn ssh -c 3des -x -l root 10.0.0.2
>>>> ssh_rsa_verify: RSA modulus too small: 512<   minimum 768 bits
>>>> key_verify failed for server_host_key
>>>>
>>>> Error: Couldn't login: 10.0.0.2
>>>> ----------------------
>>>>
>>>>          
>>> Try googling the ss_rsa_verify output.  I imagine the device you're
>>>        
>> connecting to is rather old, you should try to run a 1024 bit key at the
>> minimum.  I would recommend using a 2048 bit key if you can, but if it's an
>> older device, be prepared to wait a while.  You may be able to change how
>> RANCID connects to the device, but I think you would be off gen'ing a new key
>> on the device instead.
>>      
>>> -ryan
>>>
>>>        
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>      
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

This transmission is intended only for use by the intended
recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments.


More information about the Rancid-discuss mailing list