http://lmgtfy.com/?q=Offending+key+in+%2Froot%2F.ssh%2Fknown_hosts
rm -rf /root/.ssh/known_hosts
-----Original Message-----
From: rancid-discuss-***@shrubbery.net [mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Wagner Pereira
Sent: Tuesday, April 13, 2010 1:20 PM
To: Rancid Mailing List
Subject: [rancid] Re: New device on .cloginrc
Ryan,
I changed this:
add method 10.0.0.2 {telnet} {ssh}
To this:
add method 10.0.0.2 {ssh} {telnet}
But now, the error has changed...(ok, if "Update the SSH known_hosts
file accordingly." is the answer, how can I do that?)
-----------------------
/home/rancid/bin/clogin 10.0.0.2
10.0.0.2
spawn telnet 10.0.0.2
Trying 10.0.0.2...
telnet: Unable to connect to remote host: Connection refused
spawn ssh -c 3des -x -l root 10.0.0.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
8f:23:61:b6:03:36:e0:7c:d2:e6:5c:0c:37:5d:c5:fe.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for 10.0.0.2 has changed and you have requested strict
checking.
Host key verification failed.
Error: The host key for 10.0.0.2 has changed. Update the SSH
known_hosts file accordingly.
-----------------------
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
Post by Ryan WestCommand line check that you connect to that device using telnet or ssh. If you can't, fix that first. If you want to connect via SSH, then change your connection method in your .cloginrc file.
-ryan
-----Original Message-----
Sent: Tuesday, April 13, 2010 3:47 PM
Subject: [rancid] Re: New device on .cloginrc
Ryan,
You were right concerning to the rsa key.
I ran the "crypto key generate rsa" command in my Cisco router, choosing
1024 bits. It worked.
But now the error changed, as follows (it seems like the ssh connection
---------------------
/home/rancid/bin/clogin 10.0.0.2
10.0.0.2
spawn telnet 10.0.0.2
Trying 10.0.0.2...
telnet: Unable to connect to remote host: No route to host
Error: Couldn't login: 10.0.0.2
---------------------
What's next?
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
Tel. (11) 3091-8901
Post by Ryan West-----Original Message-----
Sent: Tuesday, April 13, 2010 9:34 AM
Subject: [rancid] Re: New device on .cloginrc
Hi, Marty.
It sounds wrong, I suppose, because the Rancid is still running over
other device perfectly.
----------------------
/home/rancid/bin/clogin 10.0.0.2
10.0.0.2
spawn telnet 10.0.0.2
Trying 10.0.0.2...
telnet: Unable to connect to remote host: Connection refused
spawn ssh -c 3des -x -l root 10.0.0.2
ssh_rsa_verify: RSA modulus too small: 512< minimum 768 bits
key_verify failed for server_host_key
Error: Couldn't login: 10.0.0.2
----------------------
Try googling the ss_rsa_verify output. I imagine the device you're
connecting to is rather old, you should try to run a 1024 bit key at the
minimum. I would recommend using a 2048 bit key if you can, but if it's an
older device, be prepared to wait a while. You may be able to change how
RANCID connects to the device, but I think you would be off gen'ing a new key
on the device instead.
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-***@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
This transmission is intended only for use by the intended
recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments.