Offending ECDSA key in /var/lib/sss/pubconf/known_hosts

Latest response

I'm getting the dreaded "Offending ECDSA key in /var/lib/sss/pubconf/known_hosts" message when I ssh to a particular host:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
5a:b5:f5:9b:93:d9:7b:58:06:a4:50:83:aa:bf:a8:96.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /var/lib/sss/pubconf/known_hosts:4
ECDSA host key for ulrhnsat01 has changed and you have requested strict checking.
Host key verification failed.

This host was just rebuilt from scratch. I have deleted its host entry from IPA. I have stopped sssd, deleted ALL the entries from /var/lib/sss/pubconf/known_hosts, and restarted sssd, but the problem persists and /var/lib/sss/pubconf/known_hosts gets rewritten to its original value.

How do I fix the problem?

Responses

sshkeygen -R doens't help either.

Also, I'm trying to do the ssh from one of my IPA replicas.

Found the problem. I had deleted the host from another replica and the changes hadn't propagated yet.

ssh-keyscan -t ecdsa 10.120.x.x >> ~/.ssh/known_hosts

I have this problem but cant determine the solution, I can clean files and I even tried deleting them but they just re-appear when i try and ssh. I have raised a call to RH.