Can't juju ssh to one of my units

Derek DeMoss derekd at darkhorse.com
Tue Feb 14 23:59:03 UTC 2017 

Hey Sam,
Thank you for the help!

Sadly, the problem appears to be unrelated...

Ran the upgrades and then tried to manually ssh again, but I wound up on the wrong host.

It turns out that MAAS had stomped on the IP address with one of my Ceph Monitors' Auto Assigned addresses - ignoring the reserved range...  Gotta figure that out next.

MAAS Version 2.1.2+bzr5555-0ubuntu1

Derek DeMoss
Dark Horse Comics, Inc.
System Administrator I
"Truth...  Is where you seek it."-Lomar

> On Feb 13, 2017, at 3:15 PM, Samuel Cozannet <samuel.cozannet at canonical.com> wrote:
> 
> Hi Derek,
> 
> You need to upgrade your Juju to 2.0.3 at least. This is a known issue (I am all thumbs so can't find the LP ref right now but there are a bunch of tickets about it)
> 
> To do so, first upgrade your controller:
> 
> sudo apt update && sudo apt upgrade
> juju switch controller
> juju upgrade-juju
> 
> Then upgrade units of the model
> 
> juju switch <model>
> juju upgrade-juju
> 
> If this doesn't work out for you, I had success with upgrading a controller to 2.1-beta5 by adding the devel ppa, upgrading locally, upgrading the controller, then the units.
> 
> 
> Let us know how it gets for you,
> Best
> Sam
> 
> On Feb 13, 2017 21:52, "Derek DeMoss" <derekd at darkhorse.com <mailto:derekd at darkhorse.com>> wrote:
> Hey All,
> I'm getting a host key verification failure when I try to juju ssh to one of my units.
> 
> username at os-nuc-01:~/.ssh$ juju ssh  postgresql/14 -v
> OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to <ip address> [<ip address>] port 22.
> debug1: Connection established.
> debug1: identity file /home/username/.local/share/juju/ssh/juju_id_rsa type 1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/username/.local/share/juju/ssh/juju_id_rsa-cert type -1
> debug1: identity file /home/username/.ssh/id_rsa type 1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/username/.ssh/id_rsa-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
> debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000
> debug1: Authenticating to <ip address>:22 as 'ubuntu'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: curve25519-sha256 at libssh.org <mailto:curve25519-sha256 at libssh.org>
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com <mailto:chacha20-poly1305 at openssh.com> MAC: <implicit> compression: none
> debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com <mailto:chacha20-poly1305 at openssh.com> MAC: <implicit> compression: none
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:th86nMHQbr0RyuXXnsrBbeOs2JkchFl6gXVBY7p6S2k
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ECDSA key sent by the remote host is
> SHA256:th86nMHQbr0RyuXXnsrBbeOs2JkchFl6gXVBY7p6S2k.
> Please contact your system administrator.
> Add correct host key in /tmp/ssh_known_hosts736182584 to get rid of this message.
> Offending RSA key in /tmp/ssh_known_hosts736182584:7
>   remove with:
>   ssh-keygen -f "/tmp/ssh_known_hosts736182584" -R <ip address>
> ECDSA host key for <ip address> has changed and you have requested strict checking.
> Host key verification failed.
> 
> 
> If I just do: ssh ubuntu@<unit ip address> it connects just fine.
> 
> So my question is, where is Juju getting the original for /tmp/ssh_known_hosts736182584:7
> 
> I've tried searching a bunch on my juju-controller machine, but I haven't been able to find anything that looks like the problematic known_hosts file...
> 
> All the other machines/units are juju ssh-able, and I have no idea why this one would be different [other than the drive filled up from postgresql, and I had to clear some WAL files before things got running again].
> 
> Any insight or help would be appreciated!
> Derek DeMoss
> Dark Horse Comics, Inc.
> System Administrator I
> "Truth...  Is where you seek it."-Lomar
> 
> 
> --
> Juju mailing list
> Juju at lists.ubuntu.com <mailto:Juju at lists.ubuntu.com>
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju <https://lists.ubuntu.com/mailman/listinfo/juju>
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20170214/8a06b908/attachment.html>

More information about the Juju mailing list