(Net::SSH::HostKeyMismatch

ruby-talk
1

Hi,

When trying to ssh login, to a host which has been reinstalled, using:

Net::SSH.start( value_hosts, USER, :password => PASS , :paranoid =>
false, :forward_agent => true ) do|ssh, err |

I am getting an error:

/sw/lib/ruby/gems/1.8/gems/net-ssh-1.1.1/lib/net/ssh/host-key-
verifier.rb:47:in `process_cache_miss': fingerprint da:
34:2e:a6:87:c4:c8:49:0e:a1:8e:39:fd:fc:ef:e7 does not match for <IP

(Net::SSH::HostKeyMismatch)

Is there a way to Ignore HostKeyMismatch ?

Net::SSH.start( value_hosts, USER, :password => PASS , :paranoid =>
false, :forward_agent => true ) do|ssh, err |

is not working, i.e the :paranoid => false does not seem to work.

Any hint will be appreciated.

What i am trying to accomplish is to login via ssh, even of the ssh
exchange key is no longer valid since the OS was reinstalled.

i found the following, post but even that does not work:

in order to resolve the HostKeyMismatch, use following in irb:

require 'rubygems'
require 'net/ssh'
include Net

Net::SSH.start( '10.5.30.52', 'root', :password => 'password' ,
:paranoid => false ) do|ssh|

#puts "hello"
  end
rescue Net::SSH::HostKeyMismatch => e
  puts "remembering new key: #{e.fingerprint}"
  e.remember_host!
  retry
end

i get an error:

irb(main):001:0> Net::SSH.start( '10.5.30.52', 'root', :password =>
'password' , :paranoid => false ) do|ssh|
irb(main):002:1* #puts "hello"
irb(main):003:1* end
NameError: uninitialized constant Net
  from (irb):1
irb(main):004:0> rescue Net::SSH::HostKeyMismatch => e
SyntaxError: compile error
(irb):4: syntax error, unexpected kRESCUE
rescue Net::SSH::HostKeyMismatch => e
      ^
(irb):4: syntax error, unexpected tASSOC
rescue Net::SSH::HostKeyMismatch => e
                                   ^
  from (irb):4
irb(main):005:0> puts "remembering new key: #{e.fingerprint}"
NameError: undefined local variable or method `e' for main:Object
  from (irb):5
irb(main):006:0> e.remember_host!
NameError: undefined local variable or method `e' for main:Object
  from (irb):6
irb(main):007:0> retry
LocalJumpError: retry outside of rescue clause
  from /usr/lib/ruby/1.8/irb/workspace.rb:81:in `evaluate'
  from /usr/lib/ruby/1.8/irb/context.rb:219:in `evaluate'
  from /usr/lib/ruby/1.8/irb.rb:150:in `eval_input'
  from /usr/lib/ruby/1.8/irb.rb:263:in `signal_status'
  from /usr/lib/ruby/1.8/irb.rb:147:in `eval_input'
  from /usr/lib/ruby/1.8/irb/ruby-lex.rb:244:in
`each_top_level_statement'
  from /usr/lib/ruby/1.8/irb/ruby-lex.rb:230:in `loop'
  from /usr/lib/ruby/1.8/irb/ruby-lex.rb:230:in
`each_top_level_statement'
  from /usr/lib/ruby/1.8/irb/ruby-lex.rb:229:in `catch'
  from /usr/lib/ruby/1.8/irb/ruby-lex.rb:229:in
`each_top_level_statement'
  from /usr/lib/ruby/1.8/irb.rb:146:in `eval_input'
  from /usr/lib/ruby/1.8/irb.rb:70:in `start'
  from /usr/lib/ruby/1.8/irb.rb:69:in `catch'
  from /usr/lib/ruby/1.8/irb.rb:69:in `start'
  from /usr/bin/irb:13
Maybe IRB bug!!
irb(main):008:0> end
SyntaxError: compile error
(irb):8: syntax error, unexpected kEND
  from (irb):8
irb(main):009:0>

Thanks,
-Kamal.

···

from :0
  from :0
  from :0
  from :0
  from :0
--
Posted via http://www.ruby-forum.com/\.

2

Hi,

When trying to ssh login, to a host which has been reinstalled, using:

Net::SSH.start( value_hosts, USER, :password => PASS , :paranoid =>
false, :forward_agent => true ) do|ssh, err |

I am getting an error:

/sw/lib/ruby/gems/1.8/gems/net-ssh-1.1.1/lib/net/ssh/host-key-
verifier.rb:47:in `process_cache_miss': fingerprint da:
34:2e:a6:87:c4:c8:49:0e:a1:8e:39:fd:fc:ef:e7 does not match for <IP
> (Net::SSH::HostKeyMismatch)

Is there a way to Ignore HostKeyMismatch ?

Net::SSH.start( value_hosts, USER, :password => PASS , :paranoid =>
false, :forward_agent => true ) do|ssh, err |

is not working, i.e the :paranoid => false does not seem to work.

Any hint will be appreciated.

What i am trying to accomplish is to login via ssh, even of the ssh
exchange key is no longer valid since the OS was reinstalled.

i found the following, post but even that does not work:

in order to resolve the HostKeyMismatch, use following in irb:

require 'rubygems'
require 'net/ssh'
include Net

Net::SSH.start( '10.5.30.52', 'root', :password => 'password' ,
:paranoid => false ) do|ssh|

#puts "hello"
  end
rescue Net::SSH::HostKeyMismatch => e
  puts "remembering new key: #{e.fingerprint}"
  e.remember_host!
  retry
end

i get an error:

irb(main):001:0> Net::SSH.start( '10.5.30.52', 'root', :password =>
'password' , :paranoid => false ) do|ssh|
irb(main):002:1* #puts "hello"
irb(main):003:1* end
NameError: uninitialized constant Net
  
This is the important error. You forgot to require 'net/ssh'. (and
possibly rubygems if your system requires it)

···

On 5/18/2010 5:22 AM, Kamal Ahmed wrote:

Thanks,
-Kamal.

3

Kamal Ahmed wrote:

I am getting an error:

/sw/lib/ruby/gems/1.8/gems/net-ssh-1.1.1/lib/net/ssh/host-key-
verifier.rb:47:in `process_cache_miss': fingerprint da:
34:2e:a6:87:c4:c8:49:0e:a1:8e:39:fd:fc:ef:e7 does not match for <IP
> (Net::SSH::HostKeyMismatch)

Is there a way to Ignore HostKeyMismatch ?

Yes - see Net::SSH::Verifiers::Null, which should be selected by
:paranoid=>false.

However, Net::SSH version 1.1.1 is ancient (May 2007), so if it doesn't
work as you expect, that's probably why. Net::SSH 1.1.4 is a year more
recent from the 1.x train, but if I were you I'd switch to Net::SSH 2.
The parameters to Net::SSH.start have changed, but I found that the rest
of my code worked fine.

Having said all that, it would be better simply to remove the offending
entry from .ssh/known_hosts. Net::SSH is telling you that the host
you're connecting to is different from the one you previously connected
to (which is true, since you reinstalled it)

···

--
Posted via http://www.ruby-forum.com/\.

4

Brian Candler wrote:

Kamal Ahmed wrote:

I am getting an error:

/sw/lib/ruby/gems/1.8/gems/net-ssh-1.1.1/lib/net/ssh/host-key-
verifier.rb:47:in `process_cache_miss': fingerprint da:
34:2e:a6:87:c4:c8:49:0e:a1:8e:39:fd:fc:ef:e7 does not match for <IP
> (Net::SSH::HostKeyMismatch)

Is there a way to Ignore HostKeyMismatch ?

Yes - see Net::SSH::Verifiers::Null, which should be selected by
:paranoid=>false.

However, Net::SSH version 1.1.1 is ancient (May 2007), so if it doesn't
work as you expect, that's probably why. Net::SSH 1.1.4 is a year more
recent from the 1.x train, but if I were you I'd switch to Net::SSH 2.
The parameters to Net::SSH.start have changed, but I found that the rest
of my code worked fine.

Having said all that, it would be better simply to remove the offending
entry from .ssh/known_hosts. Net::SSH is telling you that the host
you're connecting to is different from the one you previously connected
to (which is true, since you reinstalled it)

I actually FOUND the solution:

Net::SSH.start( value_hosts, USER, :password => PASS , :paranoid =>
false ) do|ssh |
                        # The rescue block is used to ignore the change
in key and still login using ssh
                        begin
                        rescue Net::SSH::HostKeyMismatch => e
                          puts "remembering new key: #{e.fingerprint}"
                          e.remember_host!
                          retry

                        end

Thanks,
-Kamal.

···

--
Posted via http://www.ruby-forum.com/\.

5

I actually FOUND the solution:

You seem to have misspelled "DOS vector" :slight_smile:

Net::SSH.start( value_hosts, USER, :password => PASS , :paranoid =>
false ) do|ssh |
# The rescue block is used to ignore the change
in key and still login using ssh
begin
rescue Net::SSH::HostKeyMismatch => e
puts "remembering new key: #{e.fingerprint}"
e.remember_host!
retry
end

And wouldn't it be amusing if a malicious compromised host just kept
on providing a different host key to each request ...

···

On Tue, May 18, 2010 at 2:19 PM, Kamal Ahmed <kamal2222ahmed@yahoo.com> wrote:

--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
twitter: @hassan