If this is the case, what i have done on my ovirt nodes that are part of an IPA domain is to simply remove the following entries from the ssh_config:
GlobalKnownHostsFile
VerifyHostKeyDNS
ProxyCommand

I have created a small ansible bootstrap playbook for ovirt nodes which is part of it.

- name: Configure ssh_config (comment out)
lineinfile:
dest: /etc/ssh/ssh_config
backrefs: yes
regexp: "^({{ item }}) (.*)"
line: '# \1 \2'
loop:
- GlobalKnownHostsFile
- VerifyHostKeyDNS
- ProxyCommand



On Mon, Apr 4, 2022 at 5:42 PM Sketch <ovirt@rednsx.org> wrote:
It sounds like your machine is part of an IPA domain and getting the host
key from IPA if it's in /var/lib/sss/pubconf, in which case it will keep
re-adding the host key to that file every time you attempt to connect to
it.  You need to either remove the old host keys from IPA (via webui or
ipa commands) so they don't get re-added to the pubconf file, or remove
the entire host from IPA and then re-join it to the IPA domain so that IPA
has the correct keys.

On Sun, 3 Apr 2022, jeroen.gui@telenet.be wrote:

> I have a backup file from our ovirt hosted engine. When I try to run "hosted-engine --deploy --restore-from-file=backup.bck" on the same machine with a fresh install of ovirt node 4.3 I get this error after some minutes:
>
>
> [ ERROR ] fatal: [localhost -> ovirt.*mydomain.com*]: FAILED! => {"changed": false, "elapsed": 185, "msg": "timed out waiting for ping module test success: Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ECDSA key sent by the remote host is\nSHA256:aer7BMZyKHhfzMXX4pzVULHN7OwSSNDrCuOyvdmG8sQ.\r\nPlease contact your system administrator.\r\nAdd correct host key in /dev/null to get rid of this message.\r\nOffending ED25519 key in /var/lib/sss/pubconf/known_hosts:6\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled t
 o
> avoid man-in-the-middle attacks.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password)."}
>
> I can't find anything in the docs about this problem. I already removed all the entries in /var/lib/sss/pubconf/known_hosts on my ovirt host machine. But that didn't change anything. Is their something wrong with the backup. At the moment I have 2 other hosts running my VM's but no ovirt manager.
>
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-leave@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/CQYPBO5TDLUKSVS7WW3T6OXMGGOJVHFW/
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/CS5SMQH7SCHPFJ2DHCD53GVBZC3F5ICH/