Bug #71652 | Detect duplicate ssh host keys | ||
---|---|---|---|
Submitted: | 10 Feb 2014 10:29 | Modified: | 24 Feb 2014 12:10 |
Reporter: | Daniël van Eeden (OCA) | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Enterprise Monitor | Severity: | S3 (Non-critical) |
Version: | | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
[10 Feb 2014 10:29]
Daniël van Eeden
[10 Feb 2014 11:11]
Mark Leith
Hi Daniel,

Do the hosts happen to have the same SSH keys defined on them? Because this is used as the host identity, these have to be unique across hosts for us (otherwise it tends to manifest as you describe above).

Mark
[13 Feb 2014 13:53]
Daniël van Eeden
Hi Mark,

You've guessed correctly: the SSH fingerprints in /etc/ssh/ssh_host_key.pub are the same. It's hard to find this one as ssh seems to use /etc/ssh/ssh_host_rsa_key.pub. The host key used by MEM seems to be the SSHv1 key and the other one is the SSHv2 key (on RHEL6).

I believe this bug report should be changed to: detect and alert on duplicate ssh fingerprints.
[13 Feb 2014 13:54]
Daniël van Eeden
And "ssh-keygen -l -f /etc/ssh/ssh_host_key.pub" should be somewhere in the troubleshooting section of the documentation.
[21 Feb 2014 14:50]
Daniël van Eeden
Changed the title from "Wrong server count in summary" to "Detect duplicate ssh host keys"
[24 Feb 2014 12:10]
Mark Leith
Verifying.