1619626 – Host creds validation fails if host's ssh key has changed before

Bug 1619626 - Host creds validation fails if host's ssh key has changed before

Summary: Host creds validation fails if host's ssh key has changed before

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	Providers
Sub Component:
Version:	5.9.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	GA
Target Release:	5.11.0
Assignee:	Martin Perina
QA Contact:	Angelina Vasileva
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1624700
TreeView+	depends on / blocked

Reported:	2018-08-21 10:53 UTC by Radim Hrazdil
Modified:	2019-08-19 13:42 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1624700 (view as bug list)
Environment:
Last Closed:	2019-06-11 15:26:46 UTC
Category:	---
Cloudforms Team:	CFME Core
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
evm.log (6.99 KB, text/plain) 2018-08-21 10:53 UTC, Radim Hrazdil	no flags	Details
View All

Description Radim Hrazdil 2018-08-21 10:53:21 UTC

Created attachment 1477486 [details]
evm.log

Description of problem:

If a host without validated credentials has it's ssh keys changed, it is no longer possible to validate the credentials after the ssh keys have changed.

When you attempt to validate host credentials (and ssh key of the host has changed since it's provider was added to cfme appliance), cfme asks if it should accept the new public key, but it seems that it fails to do so. Subsequently, the validation fails with 'No credentials defined' error message.


Version-Release number of selected component (if applicable):
5.9.4.4.20180816162527_c00eb23
RHV Version:4.2.6.3-0.1.el7ev

How reproducible:
100%

Steps to Reproduce:
0. Have cfme appliance with added RHV provider, Host without validated creds
1. Let's assume that at this point ssh keys of a host are updated:
    -- # ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
    -- # ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t dsa
    -- # /sbin/service sshd restart
2. Try to validate credentials of the host with refreshed keys
3. CFME asks whether new keys should be accepter, click OK

Actual results:
'No credentials defined' error message.

Expected results:
New keys should be accepted and credentials successfully validated. 

Additional info:

If the host with regenerated ssh key has had been validated before, cfme accepts the new keys successfully and creds are validated. The error only occurs when ssh keys change on previously unvalidated host.

Easy workaround is to remove the old host key from known_hosts.

Note You need to log in before you can comment on or make changes to this bug.