Updating known hosts

Posted by / 18-Sep-2017 02:34


Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

Every server with SSH capabilities has a unique RSA key fingerprint.

When a server is relaunched, this key can change because of a network card change, or more likely, because the server was replaced and it is running on entirely new hardware.

If any of several identifying features of the host change, a new host key could be created, and if that happens your SSH client will let you know by refusing to log you into that system.

This new feature is designed to prevent man-in-the-middle attacks, as explained in the Jenkins Security Advisory 2017-03-20.

Note: A man-in-the-middle attack happens when a server pretends to be the remote host, sitting between you and the server you intend to connect to.

When this happens and you attempt to connect to the server using SSH, you may see a warning similar to the following message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!


PLAY [appservers] *************************************************************
GATHERING FACTS ***************************************************************
fatal: [server02product-ref.dev] =
TASK: [common | remove old ansible-tmp-*] *************************************
FATAL: no hosts matched or all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit @/var/lib/jenkins/site.retry
server01: ok=0 changed=0 unreachable=1 failed=0
server02: ok=0 changed=0 unreachable=1 failed=0
Build step 'Execute shell' marked build as failure
Finished: FAILURE

This error can be resolved, if I first go to the source machine (from where I'm running the ansible playbook) and manually ssh to the target machine (as the given user) and enter "yes" for known_hosts file entry.
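A changed or unknown host key can be checked against a fingerprint obtained out of band before known_hosts is updated, instead of being accepted at the prompt. The following is an added example, not code from the original page: the function names are hypothetical, and the keys and known_hosts content are constructed ed25519 samples (the fingerprint calculation is the same for RSA host keys).

```python
import base64
import hashlib
import struct


def make_ed25519_blob(raw32):
    """Build the base64 key field of a known_hosts line (for constructed keys)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return base64.b64encode(blob).decode()


def fingerprint_sha256(key_b64):
    """SHA256 over the decoded key blob, base64 without padding (ssh-keygen -l format)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def stored_keys(known_hosts_text, host, keytype):
    """Return the keys stored for host; hashed (|1|...) and @marker lines are skipped."""
    keys = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        if host in fields[0].split(",") and fields[1] == keytype:
            keys.append(fields[2])
    return keys


def decide(known_hosts_text, host, keytype, presented_b64, pinned_fp=None):
    """match: already trusted; add/replace: verified against pinned_fp; reject: unverified."""
    stored = stored_keys(known_hosts_text, host, keytype)
    if presented_b64 in stored:
        return "match"
    if pinned_fp is None or fingerprint_sha256(presented_b64) != pinned_fp:
        return "reject"  # unknown or changed key with no out-of-band confirmation
    return "replace" if stored else "add"


# Constructed sample data: not real keys.
OLD_KEY = make_ed25519_blob(bytes(range(32)))      # key currently in known_hosts
NEW_KEY = make_ed25519_blob(bytes(range(32, 64)))  # key of the rebuilt server
ROGUE_KEY = make_ed25519_blob(b"\xff" * 32)        # key nobody vouched for
KNOWN_HOSTS = "# constructed\nserver01 ssh-ed25519 " + OLD_KEY + "\n"
PINNED = fingerprint_sha256(NEW_KEY)  # stands in for the value read off the server console

if __name__ == "__main__":
    for label, key in (("old", OLD_KEY), ("new", NEW_KEY), ("rogue", ROGUE_KEY)):
        print(label, decide(KNOWN_HOSTS, "server01", "ssh-ed25519", key, PINNED))
```

Only the "add" and "replace" results justify writing the presented key to known_hosts; "reject" is the case the SSH warning above is guarding against.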