Offending ECDSA key in /var/lib/sss/pubconf/known_hosts


I'm getting the dreaded "Offending ECDSA key in /var/lib/sss/pubconf/known_hosts" message when I ssh to a particular host:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
5a:b5:f5:9b:93:d9:7b:58:06:a4:50:83:aa:bf:a8:96.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /var/lib/sss/pubconf/known_hosts:4
ECDSA host key for ulrhnsat01 has changed and you have requested strict checking.
Host key verification failed.

This host was just rebuilt from scratch. I have deleted its host entry from IPA. I have stopped sssd, deleted ALL the entries from /var/lib/sss/pubconf/known_hosts, and restarted sssd, but the problem persists and /var/lib/sss/pubconf/known_hosts gets rewritten to its original value.

How do I fix the problem?

Responses

ssh-keygen -R doesn't help either.

Also, I'm trying to do the ssh from one of my IPA replicas.

Found the problem. I had deleted the host from another replica and the changes hadn't propagated yet.
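An added example, not part of the original thread: a small Python check that computes the MD5 fingerprint of every cached entry for a host and compares it with the fingerprint the rebuilt host presents, so you can confirm that the entry at the reported line is the stale pre-rebuild key. The function names, the 192.0.2.10 address and the key blobs are constructed placeholders, not real host keys.

```python
import base64
import hashlib

def md5_fingerprint(b64_blob):
    """Colon-separated MD5 fingerprint, the format shown in the ssh warning."""
    digest = hashlib.md5(base64.b64decode(b64_blob)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_entries(known_hosts_text, host, presented_fp):
    """Return (line_no, key_type, fingerprint, matches) for each entry naming host."""
    results = []
    for line_no, line in enumerate(known_hosts_text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        if fields[0].startswith("@"):     # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3 or host not in fields[0].split(","):
            continue                      # malformed line or a different host
        fp = md5_fingerprint(fields[2])
        results.append((line_no, fields[1], fp, fp == presented_fp.lower()))
    return results

# Constructed sample data: placeholder blobs standing in for the old and new keys.
OLD = base64.b64encode(b"constructed old key blob").decode()
NEW = base64.b64encode(b"constructed new key blob").decode()
SAMPLE = "\n".join([
    "# constructed sample in known_hosts format",
    "otherhost ssh-rsa " + OLD,
    "",
    "ulrhnsat01,192.0.2.10 ecdsa-sha2-nistp256 " + OLD,
])

if __name__ == "__main__":
    # In practice, presented_fp is the fingerprint verified on the rebuilt
    # host's console, and the text is the content of the known_hosts file.
    presented = md5_fingerprint(NEW)
    for line_no, key_type, fp, ok in check_entries(SAMPLE, "ulrhnsat01", presented):
        state = "matches the presented key" if ok else "STALE (differs from presented key)"
        print(f"line {line_no}: {key_type} {fp} {state}")
```

If the stale entry reappears after the file is cleared, the old key is still being served from the directory, which is consistent with the replication delay described in the last reply.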
