SSH, and any application that uses SSH to establish connections, such as SCP and rsync, fails to connect to an unmanaged QRadar® appliance. This issue affects procedures such as copying QRadar® SFS files to patch a host so that it matches the Console's version before the appliance is added to the deployment.
The SSH connection attempt fails with the error:
# ssh <Remote Host IP>
ERROR: No ECDSA host key is known for <Remote Host IP> and you have requested strict checking.
ERROR: Host key verification failed.
When "strict checking" is enforced, an SSH connection to a host requires that the host's public host key already exist in the /root/.ssh/known_hosts file on the originating host.
On older versions, the missing key entry generated a warning. The administrator could choose Y to proceed with the connection or abort it.
QRadar® 7.4.2 and later.
Resolving The Problem
- Log in to the host originating the SSH connection.
- SSH to the remote host with strict checking disabled. This adds the remote host's entry to the /root/.ssh/known_hosts file.
Note: This command is a one-time disabling of the strict check to allow for changes to the known_hosts file. Future attempts will use strict checking.
# ssh <Remote Host IP> -o StrictHostKeyChecking=no
Warning: Permanently added '<Remote Host IP>' (ECDSA) to the list of known hosts.
root@<Remote Host IP>'s password:
- SSH to the remote host again. The connection is now established.
# ssh <Remote Host IP>
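The one-time `-o StrictHostKeyChecking=no` connection in the steps above records whatever ECDSA key the remote host presents. As an added example (not part of IBM's procedure), the shell function below appends a scanned key to known_hosts only when its fingerprint matches one read on the appliance's own console. The function name, the scan file, the use of `ssh-keyscan` and the `/etc/ssh/ssh_host_ecdsa_key.pub` path are assumptions.

```shell
#!/bin/sh
# Added example, not IBM's documented procedure.
# Assumption: the expected fingerprint was read on the remote appliance's
# own console, for example with:
#   ssh-keygen -l -E sha256 -f /etc/ssh/ssh_host_ecdsa_key.pub

# add_verified_host_key EXPECTED_FP SCANNED_KEYS KNOWN_HOSTS
#   EXPECTED_FP   fingerprint from the console, e.g. SHA256:...
#   SCANNED_KEYS  file holding `ssh-keyscan -t ecdsa <Remote Host IP>` output
#   KNOWN_HOSTS   file to append to, e.g. /root/.ssh/known_hosts
# Returns 0 if the key was added, 1 on fingerprint mismatch, 2 on bad input.
add_verified_host_key() {
    expected=$1
    scanned=$2
    known_hosts=$3

    # One output line per key: "<bits> <fingerprint> <host> (<type>)".
    listing=$(ssh-keygen -l -E sha256 -f "$scanned" 2>/dev/null) || return 2

    # Refuse files with several keys so no unchecked key is appended.
    if [ "$(printf '%s\n' "$listing" | wc -l)" -ne 1 ]; then
        echo "expected exactly one scanned key in $scanned" >&2
        return 2
    fi

    actual=$(printf '%s\n' "$listing" | awk '{print $2}')
    if [ "$actual" != "$expected" ]; then
        echo "host key mismatch: scanned $actual, expected $expected" >&2
        return 1
    fi

    # Fingerprint matches: record the key so strict checking can succeed.
    grep -v '^#' "$scanned" >> "$known_hosts"
}

# Run directly: sh add_host_key.sh <fingerprint> <scan file> <known_hosts>
if [ "$#" -eq 3 ]; then
    add_verified_host_key "$@"
fi
```

After the function returns 0, a plain `ssh <Remote Host IP>` connects with strict checking still enforced.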