Bug 1369092

Summary: [RFE] - fetch SSH fingerprint should be more automatically and user friendly
Product: [oVirt] ovirt-engine Reporter: Shira Maximov <mshira>
Component: RFEs Assignee: Rob Young <royoung>
Status: CLOSED DEFERRED QA Contact: Lukas Svaty <lsvaty>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.0.0 CC: bugs, gshereme
Target Milestone: --- Keywords: FutureFeature
Target Release: --- Flags: oourfali: ovirt-future?
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-01 14:44:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Shira Maximov 2016-08-22 13:26:45 UTC
Description of problem:
When trying to re-install a host, if the host changed its SSH fingerprint,
the following error will be in the events tab:

Host <host name> installation failed. Invalid fingerprint SHA256:+rQeBegZiDek/+b50NXoW/IDVRcwpWYOEYx4YpnLtEg, expected SHA256:PhhVQGc1wyYljj4EAVLCtf/fKSDE5foFZrMnQEPyjlY.

In this case, the behaviour should be the same as connecting to this host over SSH.
It means that the user will get a notification about the change of fingerprint,
and will decide if he wants to fetch the fingerprint from the host.

The reason is that the fetch option is under Edit host -> General -> advanced parameters, and it's not so user friendly.

The ssh message:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for lilach-vdsb.tlv.redhat.com has changed,
and the key for the corresponding IP address 10.35.5.48
has a different value. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/mshira/.ssh/known_hosts:8
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:+rQeBegZiDek/+b50NXoW/IDVRcwpWYOEYx4YpnLtEg.
Please contact your system administrator.
Add correct host key in /home/mshira/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/mshira/.ssh/known_hosts:144
RSA host key for lilach-vdsb.tlv.redhat.com has changed and you have requested strict checking.
Host key verification failed.
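
Added example (not part of the original report and not ovirt-engine code): a sketch of the behaviour requested above, where a changed host key is reported with both fingerprints and replaces the stored one only after explicit user confirmation. The function names and the two sample keys are constructed for illustration; the fingerprint format is the OpenSSH `SHA256:` form seen in the error message.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """One length-prefixed field of an SSH wire-format public key blob."""
    return struct.pack(">I", len(data)) + data


def sha256_fingerprint(pubkey_line: str) -> str:
    """Fingerprint of an OpenSSH public key line: "<type> <base64> [comment]"."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as base64 with the trailing '=' padding removed.
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_host_key(pinned_fp: str, presented_line: str, user_confirmed: bool = False):
    """Return (status, fingerprint_to_keep, message) for a reinstall attempt."""
    presented_fp = sha256_fingerprint(presented_line)
    if presented_fp == pinned_fp:
        return "match", pinned_fp, "Host key matches the stored fingerprint."
    message = f"Invalid fingerprint {presented_fp}, expected {pinned_fp}."
    if not user_confirmed:
        # Default is to fail closed: the stored fingerprint is left untouched.
        return "changed-needs-confirmation", pinned_fp, message
    return "replaced", presented_fp, message + " Replaced after user confirmation."


def constructed_key(seed: bytes) -> str:
    """Constructed sample key line (32 arbitrary bytes, not a real host key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " constructed-sample"


OLD_KEY = constructed_key(b"host key before reinstall")
NEW_KEY = constructed_key(b"host key after reinstall")

if __name__ == "__main__":
    pinned = sha256_fingerprint(OLD_KEY)
    for confirmed in (False, True):
        print(check_host_key(pinned, NEW_KEY, user_confirmed=confirmed))
```

The confirmation step only has value if the user compares the presented fingerprint with one obtained from the host through a trusted channel.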

Comment 1 Michal Skrivanek 2020-03-18 15:43:38 UTC
This bug didn't get any attention for a while; we didn't have the capacity to make any progress. If you deeply care about it or want to work on it, please assign/target accordingly.

Comment 2 Michal Skrivanek 2020-03-18 15:46:53 UTC
This bug didn't get any attention for a while; we didn't have the capacity to make any progress. If you deeply care about it or want to work on it, please assign/target accordingly.

Comment 3 Michal Skrivanek 2020-04-01 14:44:31 UTC
ok, closing. Please reopen if still relevant/you want to work on it.

Comment 4 Michal Skrivanek 2020-04-01 14:49:30 UTC
ok, closing. Please reopen if still relevant/you want to work on it.