Troubleshooting
Problem
SSH and any application that uses SSH to
establish connections such as SCP and RSYNC fail to connect to an
unmanaged QRadar® appliance. This issue affects procedures such as
copying QRadar® SFS files to patch a host to match the Console's version
before adding the appliance to the deployment.
Symptom
The SSH connection attempt fails with the error:
# ssh <Remote Host IP>
ERROR: No ECDSA host key is known for <Remote Host IP> and you have requested strict checking.
ERROR: Host key verification failed.
Cause
When "strict checking" is enforced, the SSH connections to a host require the host's public host key to previously exist in the /root/.ssh/known_hosts file.
On older versions, the missing key entry generated a warning. The administrator could choose Y to proceed with the connection or abort it.
Environment
QRadar® 7.4.2 and later.
Resolving The Problem
- Log in to the host originating the SSH connection.
- SSH to the remote host disabling the strict checking. This will add the entry in the /root/.ssh/known_hosts file.
Note: This command is a one-time disabling of the strict check to allow for changes to the known_hosts file. Future attempts will use strict checking.
# ssh <Remote Host IP> -o StrictHostKeyChecking=no Warning: Permanently added '<Remove Host IP> (ECDSA) to the list of known hosts. root@<Remove Host IP> 's password:
- SSH to the remote host and the connection is established.
# ssh <Remote Host IP>
Reference:
https://www.ibm.com/support/pages/qradar-ssh-host-fails-error-no-ecdsa-host-key-known-and-you-have-requested-strict-checking
No comments:
Post a Comment