On Wed, Nov 24, 2004 at 07:09:16PM +0000 or thereabouts, Henry Nebrensky wrote:
> As we keep getting "Reading job wrapper" failures I started poking around,
> and I'm puzzled by pool accounts having different SSH known_hosts entries:
> on our [one] WN the /etc/ssh/ssh_known_hosts file and also the individual
> pool accounts' files such as /home/cms001/.ssh/known_hosts contain the
> correct key for the CE and are dated Sep 2 (or else Brunel has really big
> problems, as I've been using that key since Sept 13th!)
>
> However the dteam001 account has /home/dteam001/.ssh/known_hosts dated Jul 22
> and containing an incorrect CE key (though the correct WN key).
Hi Henry,
So with LCG as today the files in /home/dteam001/.ssh/* are in fact
not used or created after installation time since LCG went
to using shosts.equiv over what EDG was doing, what happens now better
that what EDG was doing.
So I expect the known_hosts files in dteam001 was probably created
during a testing period or a remote user doing something odd.
But basically you can wipe the whole of /home/dteam001/.ssh for all
pool accounts if you want to.
>
> Most of the pool accounts seem to have no known_hosts file at all.
>
> How and when do the pool account known_host files get created? Any good
> suggestions on how to identify and update incorrect ones?
>
> The CE key changing sometime before September is believable as that's when
> we were still setting the system up.
>
> Thanks
>
> Henry
>
> In the unlikely event someone recognises it, the rogue key profile is
> 1024 b0:57:9a:b5:6e:c1:14:3a:51:6b:1d:6d:39:8e:fa:d8 dgc-grid-35
>
> --
> Dr. Henry Nebrensky [log in to unmask]
> http://www.brunel.ac.uk/~eesrjjn
> "The opossum is a very sophisticated animal.
> It doesn't even get up until 5 or 6 p.m."
--
Steve Traylen
[log in to unmask]
http://www.gridpp.ac.uk/
|