PowerScale: OneFS SSH host key does not match after adding, replacing, or reimaging a node on the cluster

Summary: SSH host key does not match after adding, replacing, or re-imaging a node on the cluster.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

After adding, replacing, or reimaging a node on the cluster, and connecting to it using a secure shell (SSH) connection, you may receive an error stating that the host key is invalid or has changed.

Symptoms

You may see the following error message on the SSH client application:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)

It is also possible that the DSA host key has just been changed.

The fingerprint for the DSA key sent by the remote host is

87:36:08:d9:22:8e:d8:c3:7c:87:ea:65:71:74:89:86.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:6
DSA host key for isilon-2 has changed and you have requested strict checking.
Host key verification failed.

This error may also occur if you are connecting to the SmartConnect name of the cluster or have recently changed the IP range of the cluster.

Cause

SSH Handler is a protocol for establishing secure remote log-ins using Internet Protocol (IP) and SSH uses a public or private key authentication model. When you first connect to a new host, SSH asks to verify its public key. Subsequent connections are checked against this cached key. The warning above informs you that the public key for the host you are connecting to does not match the public key you have cached for this host. In certain cases, this can be caused by a man-in-the-middle attack. When an Isilon node is added to a cluster, the node generates a new public or private key pair and this causes the connection attempt to fail.

Resolution

To resolve this issue, generate a list of the nodes keys and copy them across the cluster.

  1. Log in to any node using the root account.
  2. Run the following command from the command line:
ssh-keyscan -t dsa `isi_nodes %{node} %{internal}` > /root/.ssh/known_hosts; cp /root/.ssh/known_hosts /ifs; isi_for_array -sX cp /ifs/known_hosts /root/.ssh/known_hosts; rm -f /ifs/known_hosts

Note: The above commands should be entered as a single command string.

Affected Products

PowerScale OneFS
Article Properties
Article Number: 000106891
Article Type: Solution
Last Modified: 29 Oct 2025
Version:  5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.