Francois my Hero! :)
That did the trick. I had to do some editing on the /root/.ssh/known_host
files first to delete some of the information from our original work over a
year ago. But after that it was clear sailing.
<In by most annoying whiny voice>
But I have almost 700 Devices on my networks! You mean I will have to
repeat this process for each of those devices?
<end of whining >
Something tells me I have some new script writing in my future, or I will be
giving my 1 assistant a very boring and tedious job :)
Thanks again for getting me back on track.
mlh
[root@pf1 pf]# ssh [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
1c:a2:52:d5:80:df:3b:39:e7:69:26:de:26:0d:90:db.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:4
RSA host key for 10.xx.yy.zz has changed and you have requested strict checking.
Host key verification failed.
[root@pf1 pf]#
-----Original Message-----
From: Francois Gaudreault [mailto:[email protected]]
Sent: Friday, October 14, 2011 8:30 AM
To: [email protected]
Subject: Re: [Packetfence-users] Webpage redirection after completing
registration
Michael,
Try this. Log in your server as root, try to connect SSH to your device.
Accept the SSH key.
Now do "su - pf", this will pop a shell with the pf user rights. Do the same
thing, try to SSH to your device and accept the SSH key.
On 11-10-14 11:04 AM, Hart, Michael wrote:
> Olivier,
>
> There are 2 WAP models in question, both are Cisco.
> The one the Inverse team assisted with configuring is an
> AIR-AP1231G-A-K9. (This is the one that work correctly when connected to the
> cisco 3750 that Inverse also assisted configuring) The other is an
> AIR-AP1252G-A-K9.
>
> They do use SSH for deauth (the switches use telnet - for some reason). I
> don't remember having to log into either the PF server or Switch, or WAP to
> accept any SSH key, but I could very well be mistaken. If this process
> documented anywhere? I looked in the v3 Administration and
> Network_Device_Configuration guides, but nothing popped out at me. And I
> have already gotten myself into trouble by following some of the steps in the
> Network_device_configuration_guide where it told me I needed to make entries
> in the /etc./clients.conf files when I was not supposed to. So I am a bit
> leery of this documentation.
>
> What logs do you want output from? I am happy to supply you with any
> information you need to help resolve this issue.
> mlh
>
> -----Original Message-----
> From: Olivier Bilodeau [mailto:[email protected]]
> Sent: Friday, October 14, 2011 7:18 AM
> To: [email protected]
> Subject: Re: [Packetfence-users] Webpage redirection after completing
> registration
>
>
>
>> I have a new challenge for the group.
>>
> What WAP are you using? If it's one that performs it's deauth in telnet/ssh
> then in ssh's case you need to manually connect to the WAP as user root and
> pf to accept the ssh keys of the WAP.
>
> Otherwise we will need more log evidence.
>
> --
> Olivier Bilodeau
> [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>
>
> ----------------------------------------------------------------------
> -------- All the data continuously generated in your IT infrastructure
> contains a definitive record of customers, application performance,
> security threats, fraudulent activity and more. Splunk takes this data
> and makes sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2d-oct
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> ----------------------------------------------------------------------
> -------- All the data continuously generated in your IT infrastructure
> contains a definitive record of customers, application performance,
> security threats, fraudulent activity and more. Splunk takes this data
> and makes sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2d-oct
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse
inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
