Description
Starting in version 9.1, devices modeled with CLI management via SSH are added to a known_hosts file. When a device is removed from Topology, however, the associated entry is not removed from the file. This causes issues when an IP address is re-used due to a mismatch in SSH keys, including:
- Credentials fail to validate while attempting to model a device
- Management functions using CLI do not work properly
Validation:
Scope
Version: 9.1
Solution
Validation:
- In the Administration UI, model the device (select yes if prompted to add the device with the incorrect credentials).
- From the CLI, enable TelnetServer debug for the device model:
device -ip <device IP address> -setAttr -name DEBUG -value "TelnetServer"
- Attempt to validate credentials again.
- Search output.master for the following entry:
"Mismatched keys presented by <device IP address>"
Workaround: Remove stale SSH key from known_hosts file. Contact Support if assistance is required.
Option 1:
- Log in to the appliance CLI as root.
- Modify /bsc/.ssh/known_hosts.
- Search for the device's IP address or hostname and remove the entry.
Option 2:
- Log in to the appliance CLI as root.
- Use the following command to make a backup of the current known_hosts file, and remove the entry for the IP address.
sed -i.bak '/^<device IP address>/d' /bsc/.ssh/known_hosts
Or:
sed -i.bak '/^<hostname>/d' /bsc/.ssh/known_hosts
Example:
sed -i.bak '/^192.168.1.105/d' /bsc/.ssh/known_hosts
sed -i.bak '/^floor2switch/d' /bsc/.ssh/known_hosts
After removing the stale entry, select 'Validate Credentials' under the Credentials tab for the device model and confirm it is successful.
Permanent fix: Addressed in versions 9.1.7 and 9.2.5 and greater.