(Net::SSH::HostKeyMismatch

Hi,

When trying to ssh login, to a host which has been reinstalled, using:

Net::SSH.start( value_hosts, USER, :password => PASS , :paranoid =>
false, :forward_agent => true ) do|ssh, err |

I am getting an error:

/sw/lib/ruby/gems/1.8/gems/net-ssh-1.1.1/lib/net/ssh/host-key-verifier.rb:47:in `process_cache_miss': fingerprint da:34:2e:a6:87:c4:c8:49:0e:a1:8e:39:fd:fc:ef:e7 does not match for (Net::SSH::HostKeyMismatch)

Is there a way to Ignore HostKeyMismatch ?

Net::SSH.start( value_hosts, USER, :password => PASS , :paranoid =>
false, :forward_agent => true ) do|ssh, err |

is not working, i.e. the :paranoid => false does not seem to work.

Any hint will be appreciated.

What I am trying to accomplish is to login via ssh, even if the ssh
exchange key is no longer valid since the OS was reinstalled.

I found the following post, but even that does not work:

in order to resolve the HostKeyMismatch, use following in irb:

require 'rubygems'
require 'net/ssh'
include Net

Net::SSH.start( '10.5.30.52', 'root', :password => 'password' ,
:paranoid => false ) do|ssh|

#puts "hello"
end
rescue Net::SSH::HostKeyMismatch => e
puts "remembering new key: #{e.fingerprint}"
e.remember_host!
retry
end

I get an error:

irb(main):001:0> Net::SSH.start( '10.5.30.52', 'root', :password =>
'password' , :paranoid => false ) do|ssh|
irb(main):002:1* #puts "hello"
irb(main):003:1* end
NameError: uninitialized constant Net
from (irb):1
from :0
irb(main):004:0> rescue Net::SSH::HostKeyMismatch => e
SyntaxError: compile error
(irb):4: syntax error, unexpected kRESCUE
rescue Net::SSH::HostKeyMismatch => e
^
(irb):4: syntax error, unexpected tASSOC
rescue Net::SSH::HostKeyMismatch => e
^
from (irb):4
from :0
irb(main):005:0> puts "remembering new key: #{e.fingerprint}"
NameError: undefined local variable or method `e' for main:Object
from (irb):5
from :0
irb(main):006:0> e.remember_host!
NameError: undefined local variable or method `e' for main:Object
from (irb):6
from :0
irb(main):007:0> retry
LocalJumpError: retry outside of rescue clause
from /usr/lib/ruby/1.8/irb/workspace.rb:81:in `evaluate'
from /usr/lib/ruby/1.8/irb/context.rb:219:in `evaluate'
from /usr/lib/ruby/1.8/irb.rb:150:in `eval_input'
from /usr/lib/ruby/1.8/irb.rb:263:in `signal_status'
from /usr/lib/ruby/1.8/irb.rb:147:in `eval_input'
from /usr/lib/ruby/1.8/irb/ruby-lex.rb:244:in `each_top_level_statement'
from /usr/lib/ruby/1.8/irb/ruby-lex.rb:230:in `loop'
from /usr/lib/ruby/1.8/irb/ruby-lex.rb:230:in `each_top_level_statement'
from /usr/lib/ruby/1.8/irb/ruby-lex.rb:229:in `catch'
from /usr/lib/ruby/1.8/irb/ruby-lex.rb:229:in `each_top_level_statement'
from /usr/lib/ruby/1.8/irb.rb:146:in `eval_input'
from /usr/lib/ruby/1.8/irb.rb:70:in `start'
from /usr/lib/ruby/1.8/irb.rb:69:in `catch'
from /usr/lib/ruby/1.8/irb.rb:69:in `start'
from /usr/bin/irb:13
Maybe IRB bug!!
irb(main):008:0> end
SyntaxError: compile error
(irb):8: syntax error, unexpected kEND
from (irb):8
from :0
irb(main):009:0>

Thanks,
-Kamal.

On 5/18/2010 5:22 AM, Kamal A. wrote:

I am getting an error:
false, :forward_agent => true ) do|ssh, err |
i found the following, post but even that does not work:
#puts "hello"

irb(main):001:0> Net::SSH.start( '10.5.30.52', 'root', :password =>
'password' , :paranoid => false ) do|ssh|
irb(main):002:1* #puts "hello"
irb(main):003:1* end
NameError: uninitialized constant Net

This is the important error. You forgot to require ‘net/ssh’. (and
possibly rubygems if your system requires it)

Kamal A. wrote:

I am getting an error:

/sw/lib/ruby/gems/1.8/gems/net-ssh-1.1.1/lib/net/ssh/host-key-verifier.rb:47:in `process_cache_miss': fingerprint da:34:2e:a6:87:c4:c8:49:0e:a1:8e:39:fd:fc:ef:e7 does not match for (Net::SSH::HostKeyMismatch)

Is there a way to Ignore HostKeyMismatch ?

Yes - see Net::SSH::Verifiers::Null, which should be selected by
:paranoid=>false.

However, Net::SSH version 1.1.1 is ancient (May 2007), so if it doesn’t
work as you expect, that’s probably why. Net::SSH 1.1.4 is a year more
recent from the 1.x train, but if I were you I’d switch to Net::SSH 2.
The parameters to Net::SSH.start have changed, but I found that the rest
of my code worked fine.

Having said all that, it would be better simply to remove the offending
entry from .ssh/known_hosts. Net::SSH is telling you that the host
you’re connecting to is different from the one you previously connected
to (which is true, since you reinstalled it)

Brian C. wrote:

Kamal A. wrote:

I am getting an error:

/sw/lib/ruby/gems/1.8/gems/net-ssh-1.1.1/lib/net/ssh/host-key-verifier.rb:47:in `process_cache_miss': fingerprint da:34:2e:a6:87:c4:c8:49:0e:a1:8e:39:fd:fc:ef:e7 does not match for (Net::SSH::HostKeyMismatch)

Is there a way to Ignore HostKeyMismatch ?

Yes - see Net::SSH::Verifiers::Null, which should be selected by
:paranoid=>false.

However, Net::SSH version 1.1.1 is ancient (May 2007), so if it doesn’t
work as you expect, that’s probably why. Net::SSH 1.1.4 is a year more
recent from the 1.x train, but if I were you I’d switch to Net::SSH 2.
The parameters to Net::SSH.start have changed, but I found that the rest
of my code worked fine.

Having said all that, it would be better simply to remove the offending
entry from .ssh/known_hosts. Net::SSH is telling you that the host
you’re connecting to is different from the one you previously connected
to (which is true, since you reinstalled it)

I actually FOUND the solution:

begin
  Net::SSH.start( value_hosts, USER, :password => PASS , :paranoid =>
                  false ) do |ssh|
    # commands to run over the session go here
  end
# The rescue block is used to ignore the change
# in key and still login using ssh
rescue Net::SSH::HostKeyMismatch => e
  puts "remembering new key: #{e.fingerprint}"
  e.remember_host!
  retry
end

Thanks,
-Kamal.

On Tue, May 18, 2010 at 2:19 PM, Kamal A. wrote:

I actually FOUND the solution:

You seem to have misspelled "DOS vector" :)

begin
  Net::SSH.start( value_hosts, USER, :password => PASS , :paranoid =>
                  false ) do |ssh|
    # commands to run over the session go here
  end
# The rescue block is used to ignore the change
# in key and still login using ssh
rescue Net::SSH::HostKeyMismatch => e
  puts "remembering new key: #{e.fingerprint}"
  e.remember_host!
  retry
end

And wouldn’t it be amusing if a malicious compromised host just kept
on providing a different host key to each request …
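
The concern raised in the last reply, as an added example that is not code from any poster in this thread or from Net::SSH: a hypothetical helper, connect_with_pinned_key, that remembers a changed host key only when its fingerprint equals one obtained out of band, and retries a bounded number of times. FakeHostKeyMismatch is a constructed stand-in exposing only the fingerprint and remember_host! members used in the thread, so the block runs without the gem; with the gem loaded, pass Net::SSH::HostKeyMismatch instead.

```ruby
# Constructed stand-in for Net::SSH::HostKeyMismatch (assumption: only the
# two members used in the thread, fingerprint and remember_host!, are needed).
class FakeHostKeyMismatch < StandardError
  attr_reader :fingerprint, :remembered

  def initialize(fingerprint)
    super("fingerprint #{fingerprint} does not match")
    @fingerprint = fingerprint
    @remembered = false
  end

  def remember_host!
    @remembered = true
  end
end

# Hypothetical helper. Runs the connection block; on a host key mismatch it
# remembers the new key only if it equals expected_fingerprint, a value read
# out of band (for example from the reinstalled machine's console).
# At most max_retries retries are made, so a host that presents a different
# key on every attempt cannot keep the caller looping.
def connect_with_pinned_key(expected_fingerprint, mismatch_class, max_retries = 1)
  attempts = 0
  begin
    attempts += 1
    yield
  rescue mismatch_class => e
    # Unexpected key: refuse, remember nothing, surface the original error.
    raise unless e.fingerprint.downcase == expected_fingerprint.downcase
    # Expected key, yet still mismatching after it was remembered: give up.
    raise if attempts > max_retries
    e.remember_host!
    retry
  end
end

# Intended use with the real library (not executed here):
#   connect_with_pinned_key(PINNED, Net::SSH::HostKeyMismatch) do
#     Net::SSH.start(host, user, :password => pass) { |ssh| ... }
#   end
```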