[ovirt-users] Re: ovirt hosted engine restore backup fails: remot host identifaction changed
It sounds like your machine is part of an IPA domain and getting the host
key from IPA if it's in /var/lib/sss/pubconf, in which case it will keep
re-adding the host key to that file every time you attempt to connect to
it. You need to either remove the old host keys from IPA (via webui or
ipa commands) so they don't get re-added to the pubconf file, or remove
the entire host from IPA and then re-join it to the IPA domain so that IPA
has the correct keys.
On Sun, 3 Apr 2022, jeroen.gui(a)telenet.be wrote:
I have a backup file from our ovirt hosted engine. When I try to run
"hosted-engine --deploy --restore-from-file=backup.bck" on the same machine with
a fresh install of ovirt node 4.3 I get this error after some minutes:
[ ERROR ] fatal: [localhost -> ovirt.*mydomain.com*]: FAILED! =>
{"changed": false, "elapsed": 185, "msg": "timed out
waiting for ping module test success: Failed to connect to the host via ssh:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: REMOTE HOST
IDENTIFICATION HAS CHANGED!
@\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT
SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now
(man-in-the-middle attack)!\r\nIt is also possible that a host key has just been
changed.\r\nThe fingerprint for the ECDSA key sent by the remote host
is\nSHA256:aer7BMZyKHhfzMXX4pzVULHN7OwSSNDrCuOyvdmG8sQ.\r\nPlease contact your system
administrator.\r\nAdd correct host key in /dev/null to get rid of this
message.\r\nOffending ED25519 key in /var/lib/sss/pubconf/known_hosts:6\r\nPassword
authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive
authentication is disabled t
o
> avoid man-in-the-middle attacks.\r\nPermission denied
(publickey,gssapi-keyex,gssapi-with-mic,password)."}
>
> I can't find anything in the docs about this problem. I already removed all the
entries in /var/lib/sss/pubconf/known_hosts on my ovirt host machine. But that didn't
change anything. Is their something wrong with the backup. At the moment I have 2 other
hosts running my VM's but no ovirt manager.
>
> _______________________________________________
> Users mailing list -- users(a)ovirt.org
> To unsubscribe send an email to users-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CQYPBO5TDLU...