Airwave SSH - Bug in admin menu


    Posted Apr 14, 2022 09:49 AM

    I hit this when I changed the SFTP server I upload my remote backups to. The server's public key has changed and so airwave correctly flagged this up as an error (server names and keys changed in the output below):

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ED25519 key sent by the remote host is
    SHA256:86pVqgrj9x2t0evt+7yxfv7vMjiGO+xy12kjxgnlPY0.
    Please contact your system administrator.
    Add correct host key in /root/.ssh/known_hosts to get rid of this message.
    Offending ED25519 key in /root/.ssh/known_hosts:2
    ED25519 host key for sftpserver.brighton.ac.uk has changed and you have requested strict checking.
    Host key verification failed.

    Note the path of the known_hosts file.

    So in the admin menu I can remove the old entry; to be completely sure, I just removed all cached keys:

     

    Your choice: 5

    SSHD
      1  Set MaxAuthTries
      2  Use Compatible Ciphers
      3  Add SSH Public key
      4  Remove SSH Public keys
      5  Show Client Public key
      b  >> Back
    Your choice: 4

    Running Remove SSH Public keys

    Enter hostname (or) IP address (or) ALL (to clear all clients from authorized list):   ALL

    Hit return to continue ...

    Then I confirmed that worked:

    SSHD
      1  Set MaxAuthTries
      2  Use Compatible Ciphers
      3  Add SSH Public key
      4  Remove SSH Public keys
      5  Show Client Public key
      b  >> Back
    Your choice: 4

    Running Remove SSH Public keys

    Enter hostname (or) IP address (or) ALL (to clear all clients from authorized list): 192.168.112.250
    Fatal Error: Error opening /home/admin/.ssh/authorized_keys: No such file or directory

    Hit return to continue ...


    Note the path of the authorized keys file (I think that may be a symlink but I don't have access now to confirm).

    I was able to manually edit /root/.ssh/known_hosts and remove the sftp server's public key (that was still in there) and it works.


    debug1: Server host key: ecdsa-sha2-nistp384 SHA256:aDldE6WD0TANdLnAUHb6lbIiZD3hBi8hoOe8No1bIA4
    debug1: Host 'sftpserver.brighton.ac.uk' is known and matches the ECDSA host key.
    debug1: Found key in /root/.ssh/known_hosts:1
    debug1: rekey after 4294967296 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey after 4294967296 blocks
    debug1: SSH2_MSG_EXT_INFO received


    So the bug, as I see it, is that the option to remove SSH keys is removing the admin user's keys, but the backup job runs as root, so it's removing the wrong keys (or at least needs to remove them from both locations).

    I gave this information to TAC but I don't believe they raised a fault log. Hopefully someone here can do so, or just give us root CLI access back so we can fix our own problems.

     



    ------------------------------
    David Rickard
    ------------------------------
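
Added example, not part of the original post and not AirWave code: `known_hosts` holds the server host keys a client trusts, while `authorized_keys` holds the client keys a server accepts, and the stale entry in this thread lived in the former. The sketch below removes only the entry for one host and key type whose fingerprint differs from a fingerprint verified out of band with the server's administrator; the host names and key bytes are constructed placeholders, and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct

def fingerprint(b64_blob):
    """SHA256 fingerprint as ssh prints it: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain list or |1|salt|hash)."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")  # wildcard patterns are not handled here

def prune_stale(text, host, key_type, verified_fp):
    """Return (new_text, removed_line_numbers). Only entries for `host` of
    `key_type` whose fingerprint differs from `verified_fp` are removed."""
    kept, removed = [], []
    for num, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        # Comments and marker lines (@cert-authority, @revoked) are left alone.
        is_entry = len(parts) >= 3 and not line.startswith(("#", "@"))
        if (is_entry and host_matches(parts[0], host) and parts[1] == key_type
                and fingerprint(parts[2]) != verified_fp):
            removed.append(num)
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed

def _blob(key_type, raw):
    """Constructed placeholder blob: length-prefixed type string plus key bytes."""
    enc = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(enc(key_type.encode()) + enc(raw)).decode()

# Constructed sample data; host names and key bytes are placeholders, not real keys.
HOST = "sftp.example.test"
OLD_ED = _blob("ssh-ed25519", b"\x01" * 32)
NEW_ED = _blob("ssh-ed25519", b"\x02" * 32)
ECDSA = _blob("ecdsa-sha2-nistp384", b"\x03" * 97)
SAMPLE = (f"{HOST} ecdsa-sha2-nistp384 {ECDSA}\n"
          f"{HOST} ssh-ed25519 {OLD_ED}\n"
          f"other.example.test ssh-ed25519 {OLD_ED}\n")

if __name__ == "__main__":
    new_text, removed = prune_stale(SAMPLE, HOST, "ssh-ed25519", fingerprint(NEW_ED))
    print("removed lines:", removed)
    print(new_text, end="")
```

The fingerprint passed in must come from a trusted channel, not from the warning banner itself, since the banner shows whatever key the remote end presented.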