Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3756
Views
0
Helpful
1
Replies

Please use the logconfig->hostkeyconfig command to verify (and possibly update) the SSH host key for

gregskigregski
Level 1
Level 1

‎06-03-2013 08:37 AM

let me start off by saying the Search feature on this forum [ahem] community is horendous

Anyway we replaced our C350 appliance with the newer C370 and now our M650 appliance complains that:

The host key for 111.122.133.144 (IP Address obfuscated) appears to have changed.

It is possible that someone is trying to hijack the encrypted connection to the remote host. Please use the logconfig->hostkeyconfig command to verify (and possibly update) the SSH host key for 111.122.133.144.

Now we have gone through this before but I forgot what to do, or what I have in my notes is not working, could you please help.

My notes say to login to the M Series and from the CLI delete the old host key, which we have done.

Then on the M Series go through the GUI and Establish Connection again for the new appliance, well when I do that I get the same error.

2 people had this problem
Labels:
0 Helpful
1 Reply 1

Enrico Werner
Cisco Employee
Cisco Employee

‎06-06-2013 05:43 AM

Hi,

this should work:

## Verifying the host keys

On your C370 appliance please access the command line and issue the  logconfig command. Once done run the following sub-commands:

Choose the operation you want to perform:

- NEW - Create a new log.

- EDIT - Modify a log subscription.

- DELETE - Remove a log subscription.

- SETUP - General settings.

- LOGHEADERS - Configure headers to log.

- HOSTKEYCONFIG - Configure SSH host keys.

[]> hostkeyconfig

Currently installed host keys:

No host keys installed.

Choose the operation you want to perform:

- NEW - Add a new key.

- SCAN - Automatically download a host key.

- HOST - Display system host keys.

- FINGERPRINT - Display system host key fingerprints.

- USER - Display system user keys.

[]> host

This will display the system host keys for each appliance. Now you can  access the CLI of the M-Series and run logconfig - HOSTKEYCONFIG - PRINT  and verify the installed keys on the M650 with the the keys displayed on  each C370.

## Deleting the installed host keys on M650

Run logconfig - HOSTKEYCONFIG - DELETE

## Scan for new host keys on M650

Run logconfig - HOSTKEYCONFIG - SCAN

After scanning for new keys please verify if they have been installed by  using the PRINT option on the M650 and verify with the output of the  HOST option on the C370.

Regards,

Enrico

.

0 Helpful
Customers Also Viewed These Support Documents