I have a system that has 3 boards (each one a mini PC). 1 board has a hard drive and the other two are set to boot from this drive.
The drive recently became corrupted. I lost some of the mount data in /tftpboot/ for the two other boards. I've managed to recover the data by replacing it from an almost identical machine. However, in replacing the files, I've managed to mix up the RSA keys (understandably, because I've unwittingly copied over keys from a totally different machine.)
My three boards have internal network addresses that are:
192.168.254.111
192.168.254.112
192.168.254.113 *
* this board has an external facing IP address (192.168.0.14) so the outside world can talk to it.
They all boot fine, but inter-board comms is "broken". I can PuTTY into 192.168.0.14, but if I try to ssh to the other boards, I get a message:
login as: xxxx
xxxx@192.168.0.14's password:
-bash-2.05b# ssh 192.168.254.111
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
3e:2a:a1:24:e2:ae:1f:2e:cb:28:63:5e:89:89:32:29.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
RSA host key for pdp has changed and you have requested strict checking.
Host key verification failed.
-bash-2.05b#
Now, I understand why this message is here (I think!) - it's because when copying the tftpboot/192.168.254.112 folder from the other system, the other system's RSA key was included.
How can I quickly delete all record of the RSA keys on this system, and restart?
I've got a script that "should" take care of all this, but it doesn't seem to put things right:
rm -f /home/cdppasskey
rm -f /home/pdppasskey
rm -f /home/srppasskey
ssh 192.168.254.113 "rm -f /root/.ssh/id_rsa*; ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa; cp -f /root/.ssh/id_rsa.pub /home/cdppasskey"
ssh 192.168.254.111 "rm -f /root/.ssh/id_rsa*; ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa; cp -f /root/.ssh/id_rsa.pub /home/pdppasskey"
ssh 192.168.254.112 "rm -f /root/.ssh/id_rsa*; ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa; cp -f /root/.ssh/id_rsa.pub /home/srppasskey"
rm -f /home/authorized_keys2
cat /home/cdppasskey > /home/authorized_keys2
cat /home/pdppasskey >> /home/authorized_keys2
cat /home/srppasskey >> /home/authorized_keys2
ssh 192.168.254.113 "cp -f /home/authorized_keys2 ~/.ssh/"
ssh 192.168.254.111 "cp -f /home/authorized_keys2 ~/.ssh/"
ssh 192.168.254.112 "mv -f /home/authorized_keys2 ~/.ssh/"
rm -f /home/cdppasskey
rm -f /home/pdppasskey
rm -f /home/srppasskey
What am I missing here?
Thanks to anyone who can help.
Posts
Your account on each machine will also have a ~/.ssh/known_hosts file - this is the file that's being checked to give the error message you are seeing.
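The reply above points at ~/.ssh/known_hosts as the file behind the warning. The following is an added example, not part of the original thread: a portable way to drop only the stale entries for the three boards from a known_hosts file, for OpenSSH versions that lack `ssh-keygen -R`. The function name, the backup suffix and the sample entries are assumptions constructed for illustration; `pdp` is the host name shown in the error message.

```shell
#!/bin/sh
# Added example: remove stale known_hosts entries for named hosts only.
# Hashed entries (host field starting with "|1|") cannot be matched by
# name and are left untouched.

prune_known_hosts() {
    # usage: prune_known_hosts FILE HOST [HOST...]
    kh_file=$1; shift
    [ -f "$kh_file" ] || return 1
    cp -p "$kh_file" "$kh_file.bak" || return 1   # keep the old file for review
    kh_tmp="$kh_file.tmp.$$"
    awk -v drop="$*" '
        BEGIN { n = split(drop, d, " "); for (i = 1; i <= n; i++) stale[d[i]] = 1 }
        /^#/ || NF == 0 { print; next }           # keep comments and blank lines
        {
            # The host field may list several names: "pdp,192.168.254.111"
            m = split($1, names, ",")
            for (i = 1; i <= m; i++) if (names[i] in stale) next
            print
        }
    ' "$kh_file" > "$kh_tmp" && mv "$kh_tmp" "$kh_file"
}

demo() {
    kh=$(mktemp) || return 1
    # Constructed sample entries (key material is placeholder text).
    cat > "$kh" <<'EOF'
pdp,192.168.254.111 ssh-rsa AAAAB3CONSTRUCTEDKEY1
192.168.254.112 ssh-rsa AAAAB3CONSTRUCTEDKEY2
buildhost.example ssh-rsa AAAAB3CONSTRUCTEDKEY3
EOF
    prune_known_hosts "$kh" pdp 192.168.254.111 192.168.254.112 192.168.254.113
    cat "$kh"                                     # only buildhost.example remains
    rm -f "$kh" "$kh.bak"
}

demo
```

After pruning, the next connection prompts to accept the board's current host key; compare the fingerprint it shows with the output of `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub` (the usual host key location) run on the board itself before answering yes.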