[REDFISH-1] Not copying ssh key files to RC from Build server Created: 11/Apr/19  Updated: 11/Apr/19  Resolved: 11/Apr/19

Status: Done
Project: Redfish
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Medium
Reporter: Indumathi Buddi Assignee: David Plunkett
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Microsoft Word MobaXterm_ubuntu@build-servervarlogakraino_20190411_120831.rtf    

 Description   

Hello,

We are trying to setup RC from Build server. we ran install_server_os.sh file as per the instructions provided under Akraino wiki. While running this script, everything is going smoothly but when copying the ssh key files from build server to RC node those are not copying properly and we got an error. Please see the below error:

Getting new host keys for [10.51.34.230]

  1. 10.51.34.230:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.7
    copying user key to [root@10.51.34.230]
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ubuntu/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: SHA256:AT19rCR6FK/a+5lQcXpb0UCIphRchjcFS3mCad1f6Ng.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /root/.ssh/known_hosts:1
ERROR: remove with:
ERROR: ssh-keygen -f "/root/.ssh/known_hosts" -R 10.51.34.230
ERROR: ECDSA host key for 10.51.34.230 has changed and you have requested strict checking.
ERROR: Host key verification failed.

Running first boot script
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:AT19rCR6FK/a+5lQcXpb0UCIphRchjcFS3mCad1f6Ng.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/root/.ssh/known_hosts" -R 10.51.34.230
ECDSA host key for 10.51.34.230 has changed and you have requested strict checking.
Host key verification failed.
FAILED: Unable to run firstboot script on new server

 

By understanding install_server_os.sh script that, it suppose to copy ssh key files automatically from build server to RC node, but here in this case it is not. Ran this script from scratch multiple times and same issue came up again. Please see the attached logs for quick reference. Please take a look at the error and let me know.

 Comments   
Comment by Indumathi Buddi [ 11/Apr/19 ]

Thanks FYI, David. The provided solution resolved the issue.

Comment by David Plunkett [ 11/Apr/19 ]

Based on your logs, you are using sudo/su in a way that did not set your environmental variables such as $HOME to the correct settings for the root user.  You can see in the logs that you are running as user root, but the $HOME variable is still set to /home/ubunut.  The logs also show that the $HOME/.ssh/ files are owned by a mix of root and ubuntu.  Because $HOME is not correctly set, the wrong files are being used by the ssh key commands.  Specifically the install is failing to update the authorized_keys file which is owned by ubuntu.  There are many ways to address this.  If you are using sudo th change to root, then use sudo -i to create a new interactive shell with the correct environment variables.

 

Relevant log entries:

Setting up ssh keys for user [root] with home [/home/ubuntu]

  Removing any old host keys for [10.51.34.230]

total 16

rw------ 1 ubuntu ubuntu  402 Apr  9 12:57 authorized_keys

rw------ 1 root   root   1675 Apr 10 15:07 id_rsa

rw-rr- 1 root   root    399 Apr 10 15:07 id_rsa.pub

rw-rr- 1 root   root   1548 Apr 11 16:11 known_hosts

  1. Host 10.51.34.230 found: line 4

/home/ubuntu/.ssh/known_hosts updated.

 

Generated at Sat Feb 10 06:05:00 UTC 2024 using Jira 9.4.5#940005-sha1:e3094934eac4fd8653cf39da58f39364fb9cc7c1.