Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

Host key appears to have changed, unable to create new

I get the Message "The host key for x.x.x.x appears to have changed" when I try to add appliance in M160. OK, so i want to delete the host key and create a New one;

> logconfig

> hostkeyconfig

Currently installed host keys:
1. 10.50.0.211 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAxxxxxxxxxxxxxxx==

> delete

Enter the number of the key you wish to delete:
> 1

Currently installed host keys:
No host keys installed.

> new

> Proxy.consoso.com,10.50.0.211

Please enter the public SSH key for authorization:
Press enter on a blank line to finish.

----> what to put here????

 

OK, IT DIDN'T WORK. SO I TRIED THIS;

[]> SCAN

Please enter the host or IP address to lookup:
[]> 10.50.0.211

Choose the ssh protocol type:
1. SSH1:rsa
2. SSH2:rsa
3. SSH2:dsa
4. All
[4]> 2

SSH2:rsa
10.50.0.211 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu3MhyqB00mUaCa....==


Add the preceding host key(s) for 10.50.0.211? [Y]> y

Currently installed host keys:
1. 10.50.0.211 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu3MhyqB...==

 

GREAT, THE ORIGINAL HOST KEY IS BACK. I TRIED TO TO A NEW DELETE AND PUT THE WHOLE STRING "AAAAB3Nza....." WHEN THE PROXY ASK FOR "Please enter the public SSH key for authorization";

 

[]> proxy1.dsb.net,10.50.0.211

Please enter the public SSH key for authorization:
Press enter on a blank line to finish.
AAAAB3NzaC1yc2EAAAABIwAAAQEAu3MhyqB00mUaCaMZRx/8oLKmdo+E4QPc+SQr+IakZHJ5Y1V/qjx/cRebqU36yy+rvqS3Lo+XJOR6MjlAOpxNxJTnF/vJ0o+McQ6X5SLx/3IHt+HZwfq52itHiBk9kR3ScU+km+....==

SSH key does not appear to be a valid format.

 

NOT A VALID FORMAT... OK, SO WHAT IF I CREATE A NEW SSH-KEY?

> sshconfig

Currently installed keys for admin:

Choose the operation you want to perform:
- NEW - Add a new key.
- USER - Switch to a different user to edit.
- SETUP - Configure general settings.
[]> new

Please enter the public SSH key for authorization.
Press enter on a blank line to finish.

-->> ?????

IN SHORT, HOW THE HECK TO i FIND THE PUBLIC SSH KEY FOR AUTHORIZATION?

 

 

Everyone's tags (1)
4 REPLIES
Bronze

Hi, Please check the article

Hi,

 

Please check the article "How do I configure a SSH key for login to the IronPort appliance without a password?" at the Cisco Email and Web Security Knowledge Base.

 

https://ironport.custhelp.com/app/answers/detail/a_id/283

 

 

Regards,

Kush

 

New Member

I can't see how that would

I can't see how that would help as the authentication is not the problem here, it's the host keys that doesn't match according to the management appliance. But they do match, verified With:

On the S160 applicance:

>logconfig

> hostkeyconfig

Currently installed host keys:
1. 10.50.0.211 ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAuUNxk6y...JRC/iP7Jc= (rsa-key-20140430)

 

On the management appliance:

karantene.dsb.no> logconfig

Currently configured logs:
    Log Name            Log Type                      Retrieval           Interval 
 ---------------------------------------------------------------------------------
 1. authentication      Authentication Logs           FTP Poll            None     
 2. backup_logs         Backup Logs                   FTP Poll            None     
 3. cli_logs            CLI Audit Logs                FTP Poll            None     
 4. euq_logs            Spam Quarantine Logs          FTP Poll            None     
 5. gui_logs            HTTP Logs                     FTP Poll            None     
 6. haystackd_logs      Haystack Logs                 FTP Poll            None     
 7. mail_logs           IronPort Text Mail Logs       FTP Poll            None     
 8. reportd_logs        Reporting Logs                FTP Poll            None     
 9. reportqueryd_logs   Reporting Query Logs          FTP Poll            None     
10. slbld_logs          Safe/Block Lists Logs         FTP Poll            None     
11. smad_logs           SMA Logs                      FTP Poll            None     
12. snmp_logs           SNMP Logs                     FTP Poll            None     
13. sntpd_logs          NTP logs                      FTP Poll            None     
14. system_logs         System Logs                   FTP Poll            None     
15. trackerd_logs       Tracking Logs                 FTP Poll            None     
16. updater_logs        Updater Logs                  FTP Poll            None    

Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]> hostkeyconfig

Currently installed host keys:
1. ..
5. 10.50.0.211 ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAuUNxk6y...JRC/iP7Jc= (rsa-key-20140430)

 

New Member

problem solved: I deletet the

problem solved:

 

I deletet the installed host keys on the management appliance and typed "commit" after the change. Now I can add the New Appliances.. :-)

New Member

 I found part of the solution

 

I found part of the solution, in this article, http://books.google.no/books?id=_5eCO4WlKqIC&pg=PT229&lpg=PT229&dq=ironport+enter+the+public+SSH+key+for+authorization&source=bl&ots=nFnryX3Clp&sig=a9DxDLqUsypnN0THUXygDxZj39s&hl=no&sa=X&ei=iuBgU6vJMan8ygOYloLQCA&ved=0CDgQ6AEwAQ#v=onepage&q=ironport%... However, after changing the key the management appliance is still complaining about keys ahaving changed.

 

However it still says "host key have changed...". I did the same on the management applicance as quoted in the solution, deleted the old key With the ip 10.50.0.211 and added the New Public key.

The Public keys are now identical on both the management appliance and on the first Proxy. Still the error is there! I also tried to reboot, and it restored the old Public keys.

The appliance is an M160 running 8.0.0-404

1355
Views
0
Helpful
4
Replies
CreatePlease login to create content