The fix was pretty painless. For me it was (on a JOID jumphost)
ssh-keygen -f "/home/ubuntu/.ssh/known_hosts" -R [gerrit.opnfv.org]:29418
and accept the new key on a reclone.

Thanks,
Bryan Sullivan | AT&T

-----Original Message-----
From: opnfv-tech-discuss-boun...@lists.opnfv.org 
[mailto:opnfv-tech-discuss-boun...@lists.opnfv.org] On Behalf Of Aric Gardner
Sent: Sunday, October 02, 2016 4:20 PM
To: infra-steer...@lists.opnfv.org; OPNFV Tech 
<opnfv-tech-discuss@lists.opnfv.org>; Fatih Degirmenci 
<fatih.degirme...@ericsson.com>
Subject: [opnfv-tech-discuss] [announce] Upgrade of Gerrit report. (ssh host 
key changed)

Hello,

The upgrade of gerrit to 2.13.1 is complete.
And jenkins has been restarted to give it more memory.

There is an unfortunate caveat. I did not consider that the rsa keys on the
old gerrit server would not be compatible with java on the new server.

The old gerrit server has only one key.

ssh_host_key

The new gerrit server has

ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub

I tried to copy over the old ssh_host_key and use it as the rsa key on
the new server, but it is in MINA SSHD custom format. Both the public
and private halves are stored in the "ssh_host_key" file using a Java
serialization format. I searched online, and did not find any
utilities to convert this.

Gerrit failed to start like so:
[2016-10-02 22:32:38,226] [main] WARN
org.apache.sshd.common.util.SecurityUtils$BouncyCastleFileKeyPairProvider
: Failed (IOException) to load key
resource=/opt/gerrit/etc/ssh_host_rsa_key: Failed to read
/opt/gerrit/etc/ssh_host_rsa_key - unknown result object: null

18:56 < AlexAvadanii> aricg-: given the time, we could fix this, but it's probably not
                      that easy as converting one file to another using a cli tool ...
                      or if there is such a tool, I can't find it

I agree with Alex, but we can't stop using gerrit while we try to fix
this unforeseen problem.

So going forward, everything works excepting the host key change. Any
machine or developer that clones over ssh will see this warning.

git clone ssh://jenkins...@gerrit.opnfv.org:29418/releng
Initialized empty Git repository in /tmp/releng/.git/
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
46:3a:c5:80:58:7e:24:9e:88:d3:83:29:6c:9a:80:17.
Please contact your system administrator.
Add correct host key in /home/agardner/.ssh/known_hosts to get rid of
this message.
Offending key in /home/agardner/.ssh/known_hosts:1
RSA host key for [gerrit.opnfv.org]:29418 has changed and you have
requested strict checking.
Host key verification failed.

You will need to remove the specified line in /home/"Your
user"/.ssh/known_hosts:"The line number to delete"
and then re-accept the new key.

Apologies in advance and best regards,
-Aric
_______________________________________________
opnfv-tech-discuss mailing list
opnfv-tech-discuss@lists.opnfv.org
https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
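
An added example, not part of the original thread: before replacing a changed host key, compare the key's fingerprint with the value announced out of band, in the colon-separated MD5 format the ssh warning prints. The key blobs and the `sample_blob` helper are constructed for illustration; hashed known_hosts entries are left to `ssh-keygen -R`.

```python
import base64
import hashlib

HOST = "[gerrit.opnfv.org]:29418"  # known_hosts form for a non-default port

def md5_fingerprint(key_b64):
    """Legacy colon-separated MD5 fingerprint, the format shown in the warning."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def replace_host_key(known_hosts, host, scanned_line, expected_fp):
    """Drop stale plain-text entries for host and append scanned_line,
    but only if its key matches the fingerprint obtained out of band."""
    fields = scanned_line.split()
    if len(fields) < 3 or fields[0] != host:
        raise ValueError("scanned line is not for " + host)
    actual = md5_fingerprint(fields[2])
    if actual != expected_fp.lower():
        raise ValueError("fingerprint mismatch: got " + actual)
    kept = []
    for line in known_hosts.splitlines():
        parts = line.split()
        # Entries may start with a marker such as @cert-authority.
        if parts and parts[0].startswith("@"):
            parts = parts[1:]
        # Hashed entries (|1|...) cannot be matched here; ssh-keygen -R handles those.
        if parts and not parts[0].startswith("#") and host in parts[0].split(","):
            continue
        kept.append(line)
    kept.append(scanned_line.strip())
    return "\n".join(kept) + "\n"

def sample_blob(material):
    # Constructed stand-in for a key blob; not a real RSA key.
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + material).decode()

# Constructed sample data: the stale entry and the line a key scan would return.
OLD_KNOWN_HOSTS = (HOST + " ssh-rsa " + sample_blob(b"old-host-key") + "\n"
                   + "example.org ssh-rsa " + sample_blob(b"unrelated-host") + "\n")
SCANNED = HOST + " ssh-rsa " + sample_blob(b"new-host-key")

if __name__ == "__main__":
    # Stands in for the fingerprint an administrator would announce.
    announced = md5_fingerprint(SCANNED.split()[2])
    print(replace_host_key(OLD_KNOWN_HOSTS, HOST, SCANNED, announced), end="")
```

A mismatch raises `ValueError` and leaves the known_hosts text untouched, so the stale entry is only replaced once the scanned key has been checked.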