PowerScale:在群集上添加、替换或重新映像节点后,OneFS SSH 主机密钥不匹配
Summary: 在群集上添加、替换或重新映像节点后,SSH 主机密钥不匹配。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
在群集上添加、替换或重新映像节点并使用安全外壳 (SSH) 连接连接到该节点后,您可能会收到一条错误,指出主机密钥无效或已更改。
症状
您可能会在 SSH 客户端应用程序上看到以下错误消息:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack) It is also possible that the DSA host key has just been changed. The fingerprint for the DSA key sent by the remote host is 87:36:08:d9:22:8e:d8:c3:7c:87:ea:65:71:74:89:86. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:6 DSA host key for isilon-2 has changed and you have requested strict checking. Host key verification failed.
如果您正在连接到群集的 SmartConnect 名称或最近更改了群集的 IP 范围,也可能会发生此错误。
Cause
SSH 处理程序是一种使用 Internet 协议 (IP) 建立安全远程登录的协议,SSH 使用公钥或私钥身份验证模型。首次连接到新主机时,SSH 会要求验证其公钥。将针对此缓存密钥检查后续连接。上面的警告会通知您,要连接到的主机的公钥与您为此主机缓存的公钥不匹配。在某些情况下,这可能是由中间人攻击引起的。将 Isilon 节点添加到群集时,该节点会生成新的公钥或私钥对,这会导致连接尝试失败。
Resolution
要解决此问题,请生成节点密钥的列表,并在整个群集中复制它们。
- 使用 root 帐户登录到任何节点。
- 从命令行运行以下命令:
ssh-keyscan -t dsa `isi_nodes %{node} %{internal}` > /root/.ssh/known_hosts; cp /root/.ssh/known_hosts /ifs; isi_for_array -sX cp /ifs/known_hosts /root/.ssh/known_hosts; rm -f /ifs/known_hosts
提醒:上述命令应作为单个命令字符串输入。
Affected Products
PowerScale OneFSArticle Properties
Article Number: 000106891
Article Type: Solution
Last Modified: 29 Oct 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.