Technical Note: [Accelops KB] How to reset SSH key

Summary of Topic

After I replace target Unix/Linux server with the same IP address, SSH credential does not work with correct user ID and password. Device discovery is fails.

Solution Step

AO VA keeps RSA public key of target SSH server. To protect from Man-in-the-middle attack, SSH does not allow the key to be updated automatically so the discovery fails. You need to delete old key and re-discover the target device.

1. Please login to your AO host via SSH as root

• You can log into your AO device using an SSH host such as putty or securecrt

2. Run the command: cd /opt/phoenix/bin/.ssh

• Please note that the "." is not a typo, the above directory path is correct

3. Please run the command: vi known_hosts

• vi is a common Linux Utility for text editing

4. Find the IP address that you want to reset the SSH key for

• Under this text editor you should be able to navigate using the arrow keys
• The line should look similar to: "X.X.X.X ssh-rsa"
• ALTERNATIVELY you can type "/<YOUR_IP>" and hit [ENTER] and the cursor will move to that line (eg. /172.16.10.10)

5. Delete the entry of the device's IP

• Press 'dd' and that will remove the line

6. To save the changes press the follow keys: [ESC] [:] [w][q] [ENTER]

• This will save the file and it should allow you to exit back out into the prompt

Alternate Solution Step

Change your user account to admin

• su - admin

User the following instructions to remove the SSH key to the device IP

• ssh-keygen -R <DEVICE_IP>

Here is the output as an example:

[root@myhost .ssh]# su - admin
[admin@myhost ~]$ ssh-keygen -R 64.29.235.1
/opt/phoenix/bin/.ssh/known_hosts updated.
Original contents retained as /opt/phoenix/bin/.ssh/known_hosts.old

Version Application

All