Home » Forums » Public Forums » General » JumpBox on Amazon EC2

Elastic IP wonks SSH access

Submitted by seancarew on Wed, 03/31/2010 - 4:15pm

I recntly launched lampd on EC2. All was well until I assigned an elastic ip to the instance. I now receive this when I attempt to login using ssh...sftp is unaffected...

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ba:22:c6:28:50:3c:46:9b:ad:52:86:5f:ec:25:4f:9a.
Please contact your system administrator.
Add correct host key in /Users/admin/.ssh/known_hosts to get rid of this message.
Offending key in /Users/admin/.ssh/known_hosts:4
RSA host key for 174.1********** obscured by me-

Any thoughts, quick fixes? backup will not restore after elastic IP applied...btw.

BTW, this service rocks!

Thanks for your help,

Sean

‹ sudo not working on lampd 64 bit images - Does JumpBox have any plans if/when they might offer these ?? ›
»

Elastic IP wonks SSH access

Submitted by godber on Wed, 03/31/2010 - 5:46pm.

Had you used this Elastic IP before and SSHed to it? This is just how SSH works. It keeps track of the key fingerprint of every host you SSH to and warns you if it is new or changes. SFTP ought to do the same, though behavior may very by client.

As for backups, if you are saying that you can't do a direct upload or S3 based restore after setting an elastic IP, we should take a look at that. Actually, after setting the elastic IP, you probably need to change the public address, though I didn't think that would effect restores.

Austin

»

Elastic IP issue with SSH

Submitted by seancarew on Wed, 03/31/2010 - 11:04pm.

I was able to replicate the ssh issue 3 times (thought I was taking crazy pills) I will try again, only this time I will not ssh in until the Elastic IP is assigned...

Regarding the restoring BU from S3, I tried this as a way to reset the system when ssh started acting up - I was unable to get it to work...I saw the Backup, I clicked restore and while it seemed as if it might work, it very quickly reported a ruby error that looked like an unrendered html page.

---

Application error
Change this error message for exceptions thrown outside of an action (like in Dispatcher setups or broken Ruby code) in public/500.html

---

I am not in 'production' yet, so I am trying to make sure this is stable/predictable - I recommend looking into the backup script for sure... I will send the error next time I come across it.

Thanks for your help,

Sean

»

Elastic IP wonks SSH access

Submitted by godber on Thu, 04/01/2010 - 4:39am.

Let me clarify. SSH is behaving exactly as its designed to. You changed the IP address by which you accessed the system, therefor, SSH warned you. The only resolution to this is to delete the line in the known hosts file like it suggested to begin with:

Add correct host key in /Users/admin/.ssh/known_hosts to get rid of this message.
Offending key in /Users/admin/.ssh/known_hosts:4

That warning is only a problem if you haven't changed the server's SSH key or IP address. So if you see that error later, after fixing it now and after you haven't made any changes to the system, THEN you have a problem.

As far as pursuing the backup. It sounds like you did the following: booted up an AMI, attached an elastic IP, backed it up to S3, then on the SAME instance restored from S3. Is that correct? Or did you boot up a NEW instance and try to restore to that?

Austin

»

SSH - Backup

Submitted by seancarew on Thu, 04/01/2010 - 9:21am.

RE: SSH, thanks... do you know the full path to Users? I looked and could not find (Ubuntu is not my familiar distro)

RE: backup... Yes, I tried it a few ways, I booted the AMI, sshed in made a few changes in /public...'hello world', backedup, then attached an elastic ip, had my issues and then tried to restore from S3 and got the error when I tried to restore in place on top of same running AMI.

--

To clarify, you recommend binding the elastic ip to the AMI then SSH in for first time?

Actually, I just tried that...got the same error...how do I change

Add correct host key in /Users/admin/.ssh/known_hosts to get rid of this message.

without ssh access? What am I missing ?

Sean

»

Elastic IP wonks SSH access

Submitted by godber on Thu, 04/01/2010 - 9:43am.

The file is on the machine (a mac probably, based on /Users/) you are SSHing FROM. Not TO. This is a client side issue.

Austin

»

Clearing out known_hosts

Submitted by seancarew on Thu, 04/01/2010 - 10:10am.

Thanks Austin...

I am a bit out of my depth...is it ok to just delete all the known_hosts in that file? Seems like it would be ok, but I'd thought I'd ask first.

I'll just get prompted when I log in for the cert, right?

Sean

»

Elastic IP wonks SSH access

Submitted by godber on Thu, 04/01/2010 - 10:39am.

Well, the know_hosts file stores the mapping from hostname or IP address to SSH key fingerprint. If you never really SSH to any other hosts, then you can delete it and it will just get recreated. It will store the new Elastic IP and the key that matches it. Then it will silently do its job of verifying that the key matches the IP/hostname every time you SSH in. It will say nothing until there is a mismatch.

So, if you don't think its storing any keys that matter right now you can blow it away. If it is, then all you have to do is delete the lines that it is complaining about, assuming you know WHY its complaining (switching JumpBoxes on an elastic IP would be a known reason for it to complain).

Austin

»

Know Hosts

Submitted by seancarew on Fri, 04/02/2010 - 8:35am.

Thanks - I cleared that file and I'm in...

Sean

»