I hit this when I changed the SFTP server I upload my remote backups to. The server's public key has changed and so AirWave correctly flagged this up as an error (server names and keys changed in the output below):
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:86pVqgrj9x2t0evt+7yxfv7vMjiGO+xy12kjxgnlPY0.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in /root/.ssh/known_hosts:2
ED25519 host key for sftpserver.brighton.ac.uk has changed and you have requested strict checking.
Host key verification failed.
Note the path of the known_hosts file.
So in the admin menu I can remove the old entry; to be completely sure I just removed all cached keys:
Your choice: 5
SSHD
1 Set MaxAuthTries
2 Use Compatible Ciphers
3 Add SSH Public key
4 Remove SSH Public keys
5 Show Client Public key
b >> Back
Your choice: 4
Running Remove SSH Public keys
Enter hostname (or) IP address (or) ALL (to clear all clients from authorized list): ALL
Hit return to continue ...
Then I confirmed that worked:
SSHD
1 Set MaxAuthTries
2 Use Compatible Ciphers
3 Add SSH Public key
4 Remove SSH Public keys
5 Show Client Public key
b >> Back
Your choice: 4
Running Remove SSH Public keys
Enter hostname (or) IP address (or) ALL (to clear all clients from authorized list): 192.168.112.250
Fatal Error: Error opening /home/admin/.ssh/authorized_keys: No such file or directory
Hit return to continue ...
Note the path of the authorized keys file (I think that may be a symlink but I don't have access now to confirm).
I was able to manually edit /root/.ssh/known_hosts and remove the sftp server's public key (that was still in there) and it works.
debug1: Server host key: ecdsa-sha2-nistp384 SHA256:aDldE6WD0TANdLnAUHb6lbIiZD3hBi8hoOe8No1bIA4
debug1: Host 'sftpserver.brighton.ac.uk' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
So the bug as I see it is that the option to remove SSH keys is removing the admin user's keys, but the backup job runs as root, so it's removing the wrong keys (or at least needs to remove them from both locations).
I gave this information to TAC but I don't believe they raised a fault log. Hopefully someone here can do so, or just give us root CLI access back so we can fix our own problems.
------------------------------
David Rickard
------------------------------
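An added example, not part of the post above and not vendor tooling: before deleting an entry from a known_hosts file, it helps to see which line is stale and to compare the fingerprint the server now presents with one obtained from its administrator. This Python sketch parses known_hosts text (plain and hashed host fields) and classifies a presented key; the host names, salt and key blobs are constructed placeholders, and all function names are hypothetical.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, in the form OpenSSH prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hash_host(host, salt):
    """HMAC-SHA1 of the host name, as stored by HashKnownHosts entries."""
    return hmac.new(salt, host.encode(), hashlib.sha1).digest()

def host_matches(field, host):
    """Match a hashed (|1|salt|mac) or plain host field; no wildcard support."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        return hmac.compare_digest(hash_host(host, base64.b64decode(salt)),
                                   base64.b64decode(mac))
    return host in field.split(",")

def entries_for(text, host):
    """(line number, key type, fingerprint) for each entry naming host."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blank lines, comments, @cert-authority/@revoked markers
        if host_matches(parts[0], host):
            found.append((n, parts[1], fingerprint(parts[2])))
    return found

def check(text, host, key_type, presented_fp):
    """'match', 'changed' (plus the stale line numbers) or 'unknown'."""
    same = [e for e in entries_for(text, host) if e[1] == key_type]
    if any(fp == presented_fp for _, _, fp in same):
        return "match", []
    return ("changed", [n for n, _, _ in same]) if same else ("unknown", [])

def blob(label):
    """Constructed stand-in for a key blob; not a real key."""
    return base64.b64encode(label).decode()

# Constructed sample file; host names and keys are placeholders.
OLD, NEW, SALT = blob(b"old-host-key"), blob(b"new-host-key"), b"constructed-salt"
SAMPLE = (f"backup.example.net ssh-rsa {blob(b'unrelated-key')}\n"
          f"sftp.example.net,192.0.2.10 ssh-ed25519 {OLD}\n"
          f"|1|{blob(SALT)}|{blob(hash_host('hashed.example.net', SALT))} ssh-ed25519 {OLD}\n")

if __name__ == "__main__":
    print(check(SAMPLE, "sftp.example.net", "ssh-ed25519", fingerprint(NEW)))
```

The reported line numbers correspond to the `known_hosts:N` position in the OpenSSH warning, so the same check can be run against each account's file (for example root's and admin's) to see which one still holds the old key.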