Hi,
Per the below…this happens about 10% of the time. Why does this
happen? This just happened three times in a row.
ubuntu@ubuntu:~/.chef$ knife ec2 server create -r
"role[monitor_server]" -E development --region ap-southeast-1 -Z
ap-southeast-1a -I ami-c4622596 --flavor m1.medium -G nginx -x ubuntu
-S sg_development -i /home/ubuntu/.ec2/sg_development.pem
Instance ID: i-ba8a5dee
Flavor: m1.medium
Image: ami-c4622596
Region: ap-southeast-1
Availability Zone: ap-southeast-1a
Security Groups: nginx
SSH Key: sg_development
Waiting for server…
Public DNS Name: ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com
Public IP Address: 46.137.237.153
Private DNS Name: ip-10-131-34-124.ap-southeast-1.compute.internal
Private IP Address: 10.131.34.124
Waiting for sshd.done
Bootstrapping Chef on ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com
ERROR: Net::SSH::HostKeyMismatch: fingerprint
f2:50:06:7a:7c:dc:e3:94:08:89:a4:ae:04:3c:ab:a9 does not match for
"ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com,46.137.237.153"
On Monday, April 16, 2012 at 9:22 PM, David Montgomery wrote:
Hi,
Per the below....this happens about 10% of the time. Why does this
happen? This just happened three times in a row.
ubuntu@ubuntu:~/.chef$ knife ec2 server create -r
"role[monitor_server]" -E development --region ap-southeast-1 -Z
ap-southeast-1a -I ami-c4622596 --flavor m1.medium -G nginx -x ubuntu
-S sg_development -i /home/ubuntu/.ec2/sg_development.pem
Instance ID: i-ba8a5dee
Flavor: m1.medium
Image: ami-c4622596
Region: ap-southeast-1
Availability Zone: ap-southeast-1a
Security Groups: nginx
SSH Key: sg_development
Waiting for server..............
Public DNS Name: ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com (http://ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com)
Public IP Address: 46.137.237.153
Private DNS Name: ip-10-131-34-124.ap-southeast-1.compute.internal
Private IP Address: 10.131.34.124
Waiting for sshd.done
Bootstrapping Chef on ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com (http://ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com)
ERROR: Net::SSH::HostKeyMismatch: fingerprint
f2:50:06:7a:7c:dc:e3:94:08:89:a4:ae:04:3c:ab:a9 does not match for
"ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com (http://ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com),46.137.237.153"
It's exactly what it says. SSH strict host key checking is enabled, and you have a different fingerprint for this IP/hostname in your known_hosts file.
--
Dan DeLeo
How is that disabled? I find that especially when dealing with ec2
instances this is a huge nuisance. Disabling strict host key checking in
general (per
Chef Support for Automation & DevOps | Chef)
seems to miss how there are two use cases. In one, in general, I don't
want ssh to ssh into a host whose host key has changed. However with knife
I am sure that amazon has given me an address and I should just ignore any
host key conflicts and bootstrap.
It seems that even if the option can't be manipulated directly in the
Net::SSH API (I'm not sure if it can or can't) it'd be nice to be able to
default it to having the known_hosts file = /dev/null when using knife,
e.g. per http://net-ssh.github.com/ssh/v2/api/classes/Net/SSH/Config.html.
-Peter
On Tue, Apr 17, 2012 at 1:11 AM, Daniel DeLeo dan@kallistec.com wrote:
On Monday, April 16, 2012 at 9:22 PM, David Montgomery wrote:
Hi,
Per the below....this happens about 10% of the time. Why does this
happen? This just happened three times in a row.
ubuntu@ubuntu:~/.chef$ knife ec2 server create -r
"role[monitor_server]" -E development --region ap-southeast-1 -Z
ap-southeast-1a -I ami-c4622596 --flavor m1.medium -G nginx -x ubuntu
-S sg_development -i /home/ubuntu/.ec2/sg_development.pem
Instance ID: i-ba8a5dee
Flavor: m1.medium
Image: ami-c4622596
Region: ap-southeast-1
Availability Zone: ap-southeast-1a
Security Groups: nginx
SSH Key: sg_development
Waiting for server..............
Public DNS Name: ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com(
http://ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com)
Public IP Address: 46.137.237.153
Private DNS Name: ip-10-131-34-124.ap-southeast-1.compute.internal
Private IP Address: 10.131.34.124
Waiting for sshd.done
Bootstrapping Chef on
ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com (
http://ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com)
ERROR: Net::SSH::HostKeyMismatch: fingerprint
f2:50:06:7a:7c:dc:e3:94:08:89:a4:ae:04:3c:ab:a9 does not match for
"ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com (
http://ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com
),46.137.237.153"
It's exactly what it says. SSH strict host key checking is enabled, and
you have a different fingerprint for this IP/hostname in your known_hosts
file.
--
Dan DeLeo
On Tue, Apr 17, 2012 at 7:22 AM, Peter Norton pn+chef-list@knewton.com wrote:
How is that disabled? I find that especially when dealing with ec2
instances this is a huge nuisance. Disabling strict host key checking in
man ssh_config will give you what you need.
TL;DR, try something like:
$ echo >> ~/.ssh/config
Host *.compute.amazonaws.com
StrictHostKeyChecking no
Andrea
I'm not sure that hits the use case I was talking about, though. It looks
like knife's bootstrap.rb will disable host key checking if passed
--no-host-key-verify, but I think that's appropriate for a config option in
knife.rb - possibly for both bootstrap and ssh commands, though possibly
allowing for separate config options. Currently this seems like it can
only be set at the command line.
-Peter
On Tue, Apr 17, 2012 at 2:40 AM, Andrea Campi
andrea.campi@zephirworks.comwrote:
On Tue, Apr 17, 2012 at 7:22 AM, Peter Norton pn+chef-list@knewton.com
wrote:
How is that disabled? I find that especially when dealing with ec2
instances this is a huge nuisance. Disabling strict host key checking in
man ssh_config will give you what you need.
TL;DR, try something like:
$ echo >> ~/.ssh/config
Host *.compute.amazonaws.com
StrictHostKeyChecking no
Andrea