I think I understand why this happened. Recently, the connectivity to 2 of the hosts ($HOST_A and $HOST_B) changed so that they needed to be accessed via a gateway. So in my `fabfile.py`, I added:
env.gateway = $GATEWAY_HOST This works fine for the 2 affected hosts. The 3rd host was in my ~/.ssh/known_hosts, though, and the fingerprint did not match because of the gateway. When I deleted the entry, I shelled in to test the connection, but that put the key back in know_hosts. Thanks, Carl ----- Original Message ----- From: "Ben Abrams" <b...@benabrams.it> To: "Carl Waldbieser" <waldb...@lafayette.edu> Cc: "fab-user" <fab-user@nongnu.org> Sent: Wednesday, December 10, 2014 1:33:42 PM Subject: Re: [Fab-user] Need debugging advice for host key error Carl, Did someone regenerate the host key fingerprint? While its trivial to ignore it does open you up for a man in the middle. I would verify that everything is good before doing anything like this. Here is some documentation on ssh behavior with fabric: http://docs.fabfile.org/en/latest/usage/ssh.html You have several options: 1. Fix your (or whatever user fab is running as) .ssh/known_hosts to not have the conflict (ie delete the offending key) 2. Change .ssh/config for host (list of hosts to use something like StrictHostKeyChecking=no or UserKnownHostsFile=/dev/null) 3. You could also do this by modifying the behavior of fabric to not care by setting env.disable_known_hosts=True Hope this helps you On Wed, Dec 10, 2014 at 10:20 AM, Waldbieser, Carl <waldb...@lafayette.edu> wrote: > > Use fabric to retrieve a bunch of files from a set of hosts each day. > However, one host started giving me the following error: > > Fatal error: Host key for $MYHOST did not match pre-existing key! > Server's key was changed recently, or possible man-in-the-middle attack. > Underlying exception: > ('$MYHOST', <paramiko.rsakey.RSAKey object at 0x13e36d0>, > <paramiko.rsakey.RSAKey object at 0x13e5490>) > > (I changed the actual host name to $MYHOST). > > I thought an admin had just re-IP'd the host. But I could ssh to it > without a warning-- how strange. > I removed the entry from my known_hosts file anyway. I verified I could > shell in. Then I ran fabric and got the same result. > I can get the result by executing something as simple as: > > $ fab -H "$MYHOST" -- ls > > The following short paramiko script seems to work, though: > > #! /usr/bin/env python > > import paramiko.client > > c = paramiko.client.SSHClient() > c.load_system_host_keys() > c.connect("ldap6") > t = c.exec_command("ls") > print t[1].read() > c.close() > > So I am not exactly sure where to look next. Has anyone run into this > puzzling behavior? > > Thanks, > Carl Waldbieser > ITS System Programmer > Lafayette College > > > _______________________________________________ > Fab-user mailing list > Fab-user@nongnu.org > https://lists.nongnu.org/mailman/listinfo/fab-user > -- Ben Abrams Computer Consultant 702-900-7926 benabrams.it m...@benabrams.it _______________________________________________ Fab-user mailing list Fab-user@nongnu.org https://lists.nongnu.org/mailman/listinfo/fab-user