Network Management

I hit this when I changed the SFTP server I upload by remote backups to.  The server's public key has changed and so airwave correctly flagged this up as an error (sever names and keys changed in the output below):

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ED25519 key sent by the remote host is

SHA256:86pVqgrj9x2t0evt+7yxfv7vMjiGO+xy12kjxgnlPY0.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending ED25519 key in /root/.ssh/known_hosts:2

ED25519 host key for sftpserver.brighton.ac.uk has changed and you have requested strict checking.

Host key verification failed.

Note the path of the known_hosts file

So in the admin menu I can remove the old entry, to be completely sure I just removed all cached keys:

 

Your choice: 5

SSHD

  1  Set MaxAuthTries

  2  Use Compatible Ciphers

  3  Add SSH Public key

  4  Remove SSH Public keys

  5  Show Client Public key

  b  >> Back

Your choice: 4

 

Running Remove SSH Public keys

 

Enter hostname (or) IP address (or) ALL (to clear all clients from authorized list):   ALL

 

Hit return to continue ...

Then I confirmed that worked

SSHD

  1  Set MaxAuthTries

  2  Use Compatible Ciphers

  3  Add SSH Public key

  4  Remove SSH Public keys

  5  Show Client Public key

  b  >> Back

Your choice: 4

 

Running Remove SSH Public keys

 

Enter hostname (or) IP address (or) ALL (to clear all clients from authorized list): 192.168.112.250

Fatal Error: Error opening /home/admin/.ssh/authorized_keys: No such file or directory

 

Hit return to continue ...

Note the path of the authorized keys file (I think that may be a symlink but I don't have access now to confirm)

I was able to manually edit /root/.ssh/known_hosts and remove the sftp server's public key (that was still in there) and it works.

debug1: Server host key: ecdsa-sha2-nistp384 SHA256:aDldE6WD0TANdLnAUHb6lbIiZD3hBi8hoOe8No1bIA4
debug1: Host 'sftpserver.brighton.ac.uk' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received

So the bug as I see it is that the option to remove SSH keys is removing the admin user's keys but the backup job runs as root so it's removing the wrong keys (or at least needs to remove them from both locations)

I gave this information to TAC but I don't believe they raised a fault log.  Hopefully someone here can do so, or just give us root CLI access back so we can fix our own problems.

 

------------------------------
David Rickard
------------------------------

I found this in another link and it worked for me:

To fix this issue we can login to the ampcli menu.

 

Navigate to Option 8(Advanced) --> Option 2(Enter commands) and enter the below command,

Type 'help' for the list of commands.
$ clear_known_hosts
Enter hostname (or) IP address (or) ALL (to clear the entire known hosts file): ALL

Original Message:
Sent: Apr 14, 2022 09:48 AM
From: davidrickard
Subject: Airwave SSH - Bug in admin menu

I hit this when I changed the SFTP server I upload by remote backups to.  The server's public key has changed and so airwave correctly flagged this up as an error (sever names and keys changed in the output below):

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ED25519 key sent by the remote host is

SHA256:86pVqgrj9x2t0evt+7yxfv7vMjiGO+xy12kjxgnlPY0.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending ED25519 key in /root/.ssh/known_hosts:2

ED25519 host key for sftpserver.brighton.ac.uk has changed and you have requested strict checking.

Host key verification failed.

Note the path of the known_hosts file

So in the admin menu I can remove the old entry, to be completely sure I just removed all cached keys:

 

Your choice: 5

SSHD

  1  Set MaxAuthTries

  2  Use Compatible Ciphers

  3  Add SSH Public key

  4  Remove SSH Public keys

  5  Show Client Public key

  b  >> Back

Your choice: 4

 

Running Remove SSH Public keys

 

Enter hostname (or) IP address (or) ALL (to clear all clients from authorized list):   ALL

 

Hit return to continue ...

Then I confirmed that worked

SSHD

  1  Set MaxAuthTries

  2  Use Compatible Ciphers

  3  Add SSH Public key

  4  Remove SSH Public keys

  5  Show Client Public key

  b  >> Back

Your choice: 4

 

Running Remove SSH Public keys

 

Enter hostname (or) IP address (or) ALL (to clear all clients from authorized list): 192.168.112.250

Fatal Error: Error opening /home/admin/.ssh/authorized_keys: No such file or directory

 

Hit return to continue ...

Note the path of the authorized keys file (I think that may be a symlink but I don't have access now to confirm)

I was able to manually edit /root/.ssh/known_hosts and remove the sftp server's public key (that was still in there) and it works.

debug1: Server host key: ecdsa-sha2-nistp384 SHA256:aDldE6WD0TANdLnAUHb6lbIiZD3hBi8hoOe8No1bIA4
debug1: Host 'sftpserver.brighton.ac.uk' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received

So the bug as I see it is that the option to remove SSH keys is removing the admin user's keys but the backup job runs as root so it's removing the wrong keys (or at least needs to remove them from both locations)

I gave this information to TAC but I don't believe they raised a fault log.  Hopefully someone here can do so, or just give us root CLI access back so we can fix our own problems.

 

------------------------------
David Rickard
------------------------------