Offending ECDSA key in /var/lib/sss/pubconf/known_hosts
Issue
Connecting to a host over SSH fails with errors such as:
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
Offending ECDSA key in /var/lib/sss/pubconf/known_hosts:$n
ECDSA host key for [$hostname] has changed and you have requested strict checking.
Host key verification failed.
OR
Ansible fails to connect, with similar error messages:
[ ERROR ] fatal: [localhost]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ECDSA key sent by the remote host is\n [$SSH fingerprint] \r\nPlease contact your system administrator.\r\nAdd correct host key in /dev/null to get rid of this message.\r\nOffending ED25519 key in /var/lib/sss/pubconf/known_hosts:$n\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.\r\n
[$user@$host]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "skip_reason": "Host localhost is unreachable", "unreachable": true}
Removing the offending line from /var/lib/sss/pubconf/known_hosts does not resolve the issue, because the file gets repopulated with the offending key.
Environment
- Red Hat Enterprise Linux 7 (RHEL)
- Red Hat Enterprise Linux 8 (RHEL)
- Red Hat Identity Management (IDM)