
Host key appears to have changed, unable to create new

bvj197222
Level 1

I get the message "The host key for x.x.x.x appears to have changed" when I try to add an appliance in M160. OK, so I want to delete the host key and create a new one:

> logconfig

> hostkeyconfig

Currently installed host keys:
1. 10.50.0.211 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAxxxxxxxxxxxxxxx==

> delete

Enter the number of the key you wish to delete:
> 1

Currently installed host keys:
No host keys installed.

> new

> Proxy.consoso.com,10.50.0.211

Please enter the public SSH key for authorization:
Press enter on a blank line to finish.

----> what to put here????

 

OK, IT DIDN'T WORK. SO I TRIED THIS;

[]> SCAN

Please enter the host or IP address to lookup:
[]> 10.50.0.211

Choose the ssh protocol type:
1. SSH1:rsa
2. SSH2:rsa
3. SSH2:dsa
4. All
[4]> 2

SSH2:rsa
10.50.0.211 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu3MhyqB00mUaCa....==


Add the preceding host key(s) for 10.50.0.211? [Y]> y

Currently installed host keys:
1. 10.50.0.211 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu3MhyqB...==

 

GREAT, THE ORIGINAL HOST KEY IS BACK. I TRIED TO DO A NEW DELETE AND PUT THE WHOLE STRING "AAAAB3Nza....." WHEN THE PROXY ASKS FOR "Please enter the public SSH key for authorization";

 

[]> proxy1.dsb.net,10.50.0.211

Please enter the public SSH key for authorization:
Press enter on a blank line to finish.
AAAAB3NzaC1yc2EAAAABIwAAAQEAu3MhyqB00mUaCaMZRx/8oLKmdo+E4QPc+SQr+IakZHJ5Y1V/qjx/cRebqU36yy+rvqS3Lo+XJOR6MjlAOpxNxJTnF/vJ0o+McQ6X5SLx/3IHt+HZwfq52itHiBk9kR3ScU+km+....==

SSH key does not appear to be a valid format.

 

NOT A VALID FORMAT... OK, SO WHAT IF I CREATE A NEW SSH-KEY?

> sshconfig

Currently installed keys for admin:

Choose the operation you want to perform:
- NEW - Add a new key.
- USER - Switch to a different user to edit.
- SETUP - Configure general settings.
[]> new

Please enter the public SSH key for authorization.
Press enter on a blank line to finish.

-->> ?????

IN SHORT, HOW THE HECK DO I FIND THE PUBLIC SSH KEY FOR AUTHORIZATION?

 

 


kushsriva
Level 1

Hi,

 

Please check the article "How do I configure a SSH key for login to the IronPort appliance without a password?" at the Cisco Email and Web Security Knowledge Base.

 

https://ironport.custhelp.com/app/answers/detail/a_id/283

 

 

Regards,

Kush

 

I can't see how that would help, as the authentication is not the problem here; it's the host keys that don't match according to the management appliance. But they do match, verified with:

On the S160 appliance:

>logconfig

> hostkeyconfig

Currently installed host keys:
1. 10.50.0.211 ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAuUNxk6y...JRC/iP7Jc= (rsa-key-20140430)

 

On the management appliance:

karantene.dsb.no> logconfig

Currently configured logs:
    Log Name            Log Type                      Retrieval           Interval 
 ---------------------------------------------------------------------------------
 1. authentication      Authentication Logs           FTP Poll            None     
 2. backup_logs         Backup Logs                   FTP Poll            None     
 3. cli_logs            CLI Audit Logs                FTP Poll            None     
 4. euq_logs            Spam Quarantine Logs          FTP Poll            None     
 5. gui_logs            HTTP Logs                     FTP Poll            None     
 6. haystackd_logs      Haystack Logs                 FTP Poll            None     
 7. mail_logs           IronPort Text Mail Logs       FTP Poll            None     
 8. reportd_logs        Reporting Logs                FTP Poll            None     
 9. reportqueryd_logs   Reporting Query Logs          FTP Poll            None     
10. slbld_logs          Safe/Block Lists Logs         FTP Poll            None     
11. smad_logs           SMA Logs                      FTP Poll            None     
12. snmp_logs           SNMP Logs                     FTP Poll            None     
13. sntpd_logs          NTP logs                      FTP Poll            None     
14. system_logs         System Logs                   FTP Poll            None     
15. trackerd_logs       Tracking Logs                 FTP Poll            None     
16. updater_logs        Updater Logs                  FTP Poll            None    

Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]> hostkeyconfig

Currently installed host keys:
1. ..
5. 10.50.0.211 ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAuUNxk6y...JRC/iP7Jc= (rsa-key-20140430)

 

problem solved:

 

I deleted the installed host keys on the management appliance and typed "commit" after the change. Now I can add the new appliances.. :-)

bvj197222
Level 1

 

I found part of the solution in this article, http://books.google.no/books?id=_5eCO4WlKqIC&pg=PT229&lpg=PT229&dq=ironport+enter+the+public+SSH+key+for+authorization&source=bl&ots=nFnryX3Clp&sig=a9DxDLqUsypnN0THUXygDxZj39s&hl=no&sa=X&ei=iuBgU6vJMan8ygOYloLQCA&ved=0CDgQ6AEwAQ#v=onepage&q=ironport%... However, after changing the key the management appliance is still complaining about keys having changed.

 

However it still says "host key have changed...". I did the same on the management appliance as quoted in the solution, deleted the old key with the IP 10.50.0.211 and added the new public key.

The public keys are now identical on both the management appliance and on the first proxy. Still the error is there! I also tried to reboot, and it restored the old public keys.

The appliance is an M160 running 8.0.0-404

Daryl Allen
Level 1

Your solution was correct, but lacking sufficient detail for people who don't work with ESA and SMA every day. I'm going to elaborate on your process.

 

First, delete any existing host keys on SMA:

-----------------------------------------------

Currently installed host keys:
1. 198.18.133.146 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/...blxF/pK9qj
(root@esa.dcloud.cisco.com)

Choose the operation you want to perform:
- NEW - Add a new key.
- EDIT - Modify a key.
- DELETE - Remove a key.
- SCAN - Automatically download a host key.
- PRINT - Display a key.
- HOST - Display system host keys.
- FINGERPRINT - Display system host key fingerprints.
- USER - Display system user keys.
[]> delete

Enter the number of the key you wish to delete.
[]> 1

Currently installed host keys:
No host keys installed.

---------------------------------------------------------------------------

 

On the SMA, use scan and point it to the ESA IP address to get the new keys:

-----------------------------------------------------------------------

Currently installed host keys:
No host keys installed.

Choose the operation you want to perform:
- NEW - Add a new key.
- SCAN - Automatically download a host key.
- HOST - Display system host keys.
- FINGERPRINT - Display system host key fingerprints.
- USER - Display system user keys.
[]> scan

Please enter the host or IP address to lookup:
[]> 198.18.133.146

Choose the ssh protocol type:
1. SSH2:rsa
2. SSH2:dsa
3. All
[3]> 3

SSH2:rsa
198.18.133.146 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/UWxfsuh29HSU8SMN/UsTrFU0Q9JECPXT6ViLSPQSkm4uBnGbXyuWLFgenQ2Sb7l47FHW7oA//vDwpI4AEKYjYUQDA9eh9Nn6hTjxcIEW3cxvbapNr4vFR4HumEPiNNoml6pRXS8ZjzcKh+Aehi+9P9Opmg+yhn57Rb9oluScZq2g59jATpTbMKwaLV0/pqjqLvKZQ3+pZkBkxC0l9yrcoOEK3X8pskI/TSgAss/x2L2Vf/jpgcZNWD+XHzK3n1iGHRrid1ME78B1h+O3pzLlQlMetXUabC6417wncc33y6eWPyV/2hKo8rAmizZfDmm4O6lQiuKIZxblxF/pK9qj


SSH2:dsa
198.18.133.146 ssh-dss AAAAB3NzaC1kc3MAAACBAP5S04mLvDR1...5+sukHcsQ=


Add the preceding host key(s) for 198.18.133.146? [Y]>

Currently installed host keys:
1. 198.18.133.146 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/...blxF/pK9qj
2. 198.18.133.146 ssh-dss AAAAB3NzaC1kc3MAAACBAP5S04mLvDR1...5+sukHcsQ=

 -----------------------------------------------------------------------------------

Hit enter twice and type "commit" to commit the changes. Also, hit enter again to skip the comment add line.

 

---------------------------------------------------------------------------------

 

Currently installed host keys:
1. 198.18.133.146 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/...blxF/pK9qj
2. 198.18.133.146 ssh-dss AAAAB3NzaC1kc3MAAACBAP5S04mLvDR1...5+sukHcsQ=

Choose the operation you want to perform:
- NEW - Add a new key.
- EDIT - Modify a key.
- DELETE - Remove a key.
- SCAN - Automatically download a host key.
- PRINT - Display a key.
- HOST - Display system host keys.
- FINGERPRINT - Display system host key fingerprints.
- USER - Display system user keys.
[]> print

Enter the number of the key you wish to print.
[]> 1

198.18.133.146 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/UWxfsuh29HSU8SMN/UsTrFU0Q9JECPXT6ViLSPQSkm4uBnGbXyuWLFgenQ2Sb7l47FHW7oA//vDwpI4AEKYjYUQDA9eh9Nn6hTjxcIEW3cxvbapNr4vFR4HumEPiNNoml6pRXS8ZjzcKh+Aehi+9P9Opmg+yhn57Rb9oluScZq2g59jATpTbMKwaLV0/pqjqLvKZQ3+pZkBkxC0l9yrcoOEK3X8pskI/TSgAss/x2L2Vf/jpgcZNWD+XHzK3n1iGHRrid1ME78B1h+O3pzLlQlMetXUabC6417wncc33y6eWPyV/2hKo8rAmizZfDmm4O6lQiuKIZxblxF/pK9qj

Currently installed host keys:
1. 198.18.133.146 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/...blxF/pK9qj
2. 198.18.133.146 ssh-dss AAAAB3NzaC1kc3MAAACBAP5S04mLvDR1...5+sukHcsQ=

Choose the operation you want to perform:
- NEW - Add a new key.
- EDIT - Modify a key.
- DELETE - Remove a key.
- SCAN - Automatically download a host key.
- PRINT - Display a key.
- HOST - Display system host keys.
- FINGERPRINT - Display system host key fingerprints.
- USER - Display system user keys.
[]> fingerprint

Host keys for sma.dcloud.com:

ssh-rsa: b4:ba:bf:f6:53:20:1d:be:7d:de:f7:b2:f0:9b:bd:2f

ssh-dss: 7a:e4:47:2c:e9:2c:db:a9:74:1f:b9:64:5d:68:b3:3a


Currently installed host keys:
1. 198.18.133.146 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/...blxF/pK9qj
2. 198.18.133.146 ssh-dss AAAAB3NzaC1kc3MAAACBAP5S04mLvDR1...5+sukHcsQ=

Choose the operation you want to perform:
- NEW - Add a new key.
- EDIT - Modify a key.
- DELETE - Remove a key.
- SCAN - Automatically download a host key.
- PRINT - Display a key.
- HOST - Display system host keys.
- FINGERPRINT - Display system host key fingerprints.
- USER - Display system user keys.
[]> commit

Unknown option. Select one of the listed options, or press enter to exit the
command.
[]>

Currently configured logs:
    Log Name            Log Type                      Retrieval           Interval
 ---------------------------------------------------------------------------------
 1. authentication      Authentication Logs           FTP Poll            None
 2. backup_logs         Backup Logs                   FTP Poll            None
 3. cli_logs            CLI Audit Logs                FTP Poll            None
 4. euq_logs            Spam Quarantine Logs          FTP Poll            None
 5. euqgui_logs         Spam Quarantine GUI Logs      FTP Poll            None
 6. ftpd_logs           FTP Server Logs               FTP Poll            None
 7. gui_logs            HTTP Logs                     FTP Poll            None
 8. haystackd_logs      Haystack Logs                 FTP Poll            None
 9. mail_logs           Cisco Text Mail Logs          FTP Poll            None
10. reportd_logs        Reporting Logs                FTP Poll            None
11. reportqueryd_logs   Reporting Query Logs          FTP Poll            None
12. slbld_logs          Safe/Block Lists Logs         FTP Poll            None
13. smad_logs           SMA Logs                      FTP Poll            None
14. snmp_logs           SNMP Logs                     FTP Poll            None
15. sntpd_logs          NTP logs                      FTP Poll            None
16. system_logs         System Logs                   FTP Poll            None
17. trackerd_logs       Tracking Logs                 FTP Poll            None
18. updater_logs        Updater Logs                  FTP Poll            None
19. upgrade_logs        Upgrade Logs                  FTP Poll            None

Choose the operation you want to perform:
- NEW - Create a new log.
- EDIT - Modify a log subscription.
- DELETE - Remove a log subscription.
- SETUP - General settings.
- LOGHEADERS - Configure headers to log.
- HOSTKEYCONFIG - Configure SSH host keys.
[]>

sma.dcloud.com> commit

Please enter some comments describing your changes:
[]> keys added

Changes committed: Wed Aug 22 23:19:58 2018 GMT
sma.dcloud.com>
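
The thread replaces host keys with SCAN and compares key strings by eye. This added Python example (not part of the original posts or of Cisco's tooling) parses `<host> <keytype> <base64>` lines like those `hostkeyconfig` prints, rejects a bare or elided blob, and derives colon-hex MD5 and SHA256 fingerprints so that a scanned key can be checked against one read on the appliance's own console. All function names and the sample keys are constructed for illustration, and it assumes the values shown by FINGERPRINT are standard MD5 digests of the key blob.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_host_key(line: str):
    """Parse '<host> <keytype> <base64> [comment]' into (host, keytype, blob)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("need '<host> <keytype> <base64>', not a bare base64 blob")
    host, keytype, b64 = fields[:3]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("key data is not complete base64 (elided with '...'?)") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + name_len].decode("ascii", "replace")
    if embedded != keytype:
        raise ValueError(f"blob is {embedded!r} but the line says {keytype!r}")
    return host, keytype, blob

def fingerprints(blob: bytes):
    """Return (legacy MD5 colon-hex, SHA256 base64) fingerprints of a key blob."""
    md5_hex = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5_hex[i:i + 2] for i in range(0, len(md5_hex), 2))
    sha_fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha_fp

def same_key(stored_line: str, reference_line: str) -> bool:
    """True only when both lines carry the same key type and identical key bytes."""
    _, type_a, blob_a = parse_host_key(stored_line)
    _, type_b, blob_b = parse_host_key(reference_line)
    return type_a == type_b and blob_a == blob_b

def make_rsa_line(host: str, modulus: bytes) -> str:
    """Build a CONSTRUCTED ssh-rsa line (toy modulus, not a usable key)."""
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

# Constructed sample data: 192.0.2.10 is a documentation address.
STORED = make_rsa_line("192.0.2.10", b"\x00" + b"\xc3" * 64)     # entry held by the manager
REFERENCE = make_rsa_line("192.0.2.10", b"\x00" + b"\xc3" * 64)  # read on the appliance console
CHANGED = make_rsa_line("192.0.2.10", b"\x00" + b"\xd4" * 64)    # after the key was regenerated
```

Comparing the full blobs or the SHA256 fingerprints is preferable to comparing the abbreviated `AAAAB3Nza...` strings, since every ssh-rsa key shares that prefix.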