Can't juju ssh to one of my units

Derek DeMoss derekd at darkhorse.com
Mon Feb 13 21:51:58 UTC 2017


Hey All,
I'm getting a host key verification failure when I try to juju ssh to one of my units.

username at os-nuc-01:~/.ssh$ juju ssh  postgresql/14 -v
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to <ip address> [<ip address>] port 22.
debug1: Connection established.
debug1: identity file /home/username/.local/share/juju/ssh/juju_id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.local/share/juju/ssh/juju_id_rsa-cert type -1
debug1: identity file /home/username/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/username/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to <ip address>:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256 at libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:th86nMHQbr0RyuXXnsrBbeOs2JkchFl6gXVBY7p6S2k
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:th86nMHQbr0RyuXXnsrBbeOs2JkchFl6gXVBY7p6S2k.
Please contact your system administrator.
Add correct host key in /tmp/ssh_known_hosts736182584 to get rid of this message.
Offending RSA key in /tmp/ssh_known_hosts736182584:7
  remove with:
  ssh-keygen -f "/tmp/ssh_known_hosts736182584" -R <ip address>
ECDSA host key for <ip address> has changed and you have requested strict checking.
Host key verification failed.


If I just do: ssh ubuntu@<unit ip address> it connects just fine.

So my question is, where is Juju getting the original for /tmp/ssh_known_hosts736182584:7

I've tried searching a bunch on my juju-controller machine, but I haven't been able to find anything that looks like the problematic known_hosts file...

All the other machines/units are juju ssh-able, and I have no idea why this one would be different [other than the drive filled up from postgresql, and I had to clear some WAL files before things got running again].

Any insight or help would be appreciated!
Derek DeMoss
Dark Horse Comics, Inc.
System Administrator I
"Truth...  Is where you seek it."-Lomar

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20170213/c111ec62/attachment.html>


More information about the Juju mailing list