Welcome, Guest. Please login or register.

Author Topic: SSH discovery fails if keys change... but I have a solution!  (Read 2203 times)

tristanbob

  • Full Member
  • ***
  • Posts: 159
    • View Profile
SSH discovery fails if keys change... but I have a solution!
« on: January 21, 2015, 07:31:42 PM »
I keep seeing several email alerts from Nedi 1.4 that say this:

22) blg-100-sw1 CLI Bridge Fwd error: no working user

I found out that this is because SSH is warning that the key is different from the one in "~/.ssh/known_hosts"

Current:

ssh -o 'StrictHostKeyChecking no' -l nedi 10.1.6.1

Fixed:

ssh -o 'UserKnownHostsFile /dev/null' -o 'StrictHostKeyChecking no' -l nedi 10.1.6.1

Please add this change to Nedi so that it can still find devices with changed SSH keys!

/inc/libcli.pm, line 518 on Nedi 1.4
              my $known = "-o 'UserKnownHostsFile /dev/null' -o 'StrictHostKeyChecking no'";


Tristan
« Last Edit: January 21, 2015, 08:03:31 PM by tristanbob »
Please visit "Other"->"Invoices" on your NeDi installation to make an annual contribution and support Nedi!

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2780
    • View Profile
    • NeDi
Re: SSH discovery fails if keys change... but I have a solution!
« Reply #1 on: January 21, 2015, 11:14:39 PM »
Already in there :)

See usessh in nedi.conf:

# known      = only connects when hostkey is known (add with nedi.pl -k, keyscan or manually with ssh)

You can use strict key handling with -k and -K options. I know someone does it in his network ( >10'000 devices)
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

tristanbob

  • Full Member
  • ***
  • Posts: 159
    • View Profile
Re: SSH discovery fails if keys change... but I have a solution!
« Reply #2 on: January 23, 2015, 06:08:00 PM »
Wow, once again I find something new and cool about Nedi.  Thanks for letting me know about the "-k" option!

Tristan
Please visit "Other"->"Invoices" on your NeDi installation to make an annual contribution and support Nedi!