The difference between IP address and Hostname when creating SSH User Equivalency


I provided a 12c RAC step-by-step installation guide to a client, and he ran into an issue during the deployment. To be specific, the SSH User Equivalency check failed:

[grid@rac122-1 ~]$ ssh -o FallBackToRsh=no -o PasswordAuthentication=no -o StrictHostKeyChecking=yes -o NumberOfPasswordPrompts=0 rac122-2 -n /bin/true
No ECDSA host key is known for rac122-2 and you have requested strict checking.
Host key verification failed.

I had never hit this issue, so I asked him to check whether he could log in to the nodes without a password. He showed me some screenshots, and it was clear he could log in to these nodes by IP address without a password.

I ran the tests below to reproduce his issue and also learned how to fix it.

Of course I removed all the rows in the .ssh/known_hosts file before the test.

[grid@rac122-1 ~]$ ssh 192.168.116.22
The authenticity of host '192.168.116.22 (192.168.116.22)' can't be established.
ECDSA key fingerprint is SHA256:Q80HZok35Zn9tl7fXqEWr5ONP4cVw14DONcxg4REsfk.
ECDSA key fingerprint is MD5:32:8b:24:65:12:be:11:78:51:72:9a:58:42:be:3e:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.116.22' (ECDSA) to the list of known hosts.
Last login: Mon Jul 15 12:19:33 2019 from rac122-1.dbcloudsvc.com
[grid@rac122-2 ~]$ exit
logout
Connection to 192.168.116.22 closed.
[grid@rac122-1 ~]$ ssh 192.168.116.22
Last login: Mon Jul 15 12:22:07 2019 from rac122-1.dbcloudsvc.com
[grid@rac122-2 ~]$ exit
logout
Connection to 192.168.116.22 closed.
[grid@rac122-1 ~]$ ssh -o FallBackToRsh=no -o PasswordAuthentication=no -o StrictHostKeyChecking=yes -o NumberOfPasswordPrompts=0 rac122-2 -n /bin/true
No ECDSA host key is known for rac122-2 and you have requested strict checking.
Host key verification failed.
[grid@rac122-1 ~]$ ssh -o FallBackToRsh=no -o PasswordAuthentication=no -o StrictHostKeyChecking=yes -o NumberOfPasswordPrompts=0 192.168.116.22 -n /bin/true
[grid@rac122-1 ~]$ echo $?
0

So if I changed the test command to use the IP address instead of the hostname, it would work.

I did not want to modify the cluster verification script, so I continued my test.

[grid@rac122-1 ~]$ ssh rac122-2
The authenticity of host 'rac122-2 (192.168.116.22)' can't be established.
ECDSA key fingerprint is SHA256:Q80HZok35Zn9tl7fXqEWr5ONP4cVw14DONcxg4REsfk.
ECDSA key fingerprint is MD5:32:8b:24:65:12:be:11:78:51:72:9a:58:42:be:3e:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac122-2' (ECDSA) to the list of known hosts.
Last login: Mon Jul 15 12:22:16 2019 from rac122-1.dbcloudsvc.com
[grid@rac122-2 ~]$ exit
logout
Connection to rac122-2 closed.
[grid@rac122-1 ~]$ ssh rac122-2
Last login: Mon Jul 15 12:28:48 2019 from rac122-1.dbcloudsvc.com
[grid@rac122-2 ~]$ exit
logout
Connection to rac122-2 closed.
[grid@rac122-1 ~]$ cat .ssh/known_hosts
rac122-1,192.168.116.21 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA/MaUPdW39p8gAogOSznMoeeeJtcZ1P1axLpuzTaJ8Cx5kQtLEQq59Ah393syyfYDKaSt2nMOm9Jf2FCMEbc/M=
rac122-2-priv,192.168.126.22 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMqT5CZnDS9JRdO5eZzrAdqOIpkXspPxE+WJgzhYfZE1Siq85dccmhk/71r653dFvXXsZpRmxgzvZ2b+3ho+9/4=
rac122-1-priv,192.168.126.21 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA/MaUPdW39p8gAogOSznMoeeeJtcZ1P1axLpuzTaJ8Cx5kQtLEQq59Ah393syyfYDKaSt2nMOm9Jf2FCMEbc/M=
192.168.116.22 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMqT5CZnDS9JRdO5eZzrAdqOIpkXspPxE+WJgzhYfZE1Siq85dccmhk/71r653dFvXXsZpRmxgzvZ2b+3ho+9/4=
rac122-2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMqT5CZnDS9JRdO5eZzrAdqOIpkXspPxE+WJgzhYfZE1Siq85dccmhk/71r653dFvXXsZpRmxgzvZ2b+3ho+9/4=
[grid@rac122-1 ~]$ ssh -o FallBackToRsh=no -o PasswordAuthentication=no -o StrictHostKeyChecking=yes -o NumberOfPasswordPrompts=0 rac122-2 -n /bin/true
[grid@rac122-1 ~]$ echo $?
0

Oh, I noticed I got two rows for the same node. The good thing was that I could pass the test command.

Now I removed the two generated rows and used the hostname directly.

[grid@rac122-1 ~]$ vi .ssh/known_hosts
[grid@rac122-1 ~]$ ssh rac122-2
The authenticity of host 'rac122-2 (192.168.116.22)' can't be established.
ECDSA key fingerprint is SHA256:Q80HZok35Zn9tl7fXqEWr5ONP4cVw14DONcxg4REsfk.
ECDSA key fingerprint is MD5:32:8b:24:65:12:be:11:78:51:72:9a:58:42:be:3e:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac122-2,192.168.116.22' (ECDSA) to the list of known hosts.
Last login: Mon Jul 15 12:28:56 2019 from rac122-1.dbcloudsvc.com
[grid@rac122-2 ~]$ exit
logout
Connection to rac122-2 closed.
[grid@rac122-1 ~]$ ssh rac122-2
Last login: Mon Jul 15 12:31:29 2019 from rac122-1.dbcloudsvc.com
[grid@rac122-2 ~]$ exit
logout
Connection to rac122-2 closed.
[grid@rac122-1 ~]$ cat .ssh/known_hosts
rac122-1,192.168.116.21 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA/MaUPdW39p8gAogOSznMoeeeJtcZ1P1axLpuzTaJ8Cx5kQtLEQq59Ah393syyfYDKaSt2nMOm9Jf2FCMEbc/M=
rac122-2-priv,192.168.126.22 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMqT5CZnDS9JRdO5eZzrAdqOIpkXspPxE+WJgzhYfZE1Siq85dccmhk/71r653dFvXXsZpRmxgzvZ2b+3ho+9/4=
rac122-1-priv,192.168.126.21 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA/MaUPdW39p8gAogOSznMoeeeJtcZ1P1axLpuzTaJ8Cx5kQtLEQq59Ah393syyfYDKaSt2nMOm9Jf2FCMEbc/M=
rac122-2,192.168.116.22 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMqT5CZnDS9JRdO5eZzrAdqOIpkXspPxE+WJgzhYfZE1Siq85dccmhk/71r653dFvXXsZpRmxgzvZ2b+3ho+9/4=
[grid@rac122-1 ~]$ ssh -o FallBackToRsh=no -o PasswordAuthentication=no -o StrictHostKeyChecking=yes -o NumberOfPasswordPrompts=0 rac122-2 -n /bin/true
[grid@rac122-1 ~]$ ssh -o FallBackToRsh=no -o PasswordAuthentication=no -o StrictHostKeyChecking=yes -o NumberOfPasswordPrompts=0 192.168.116.22 -n /bin/true
[grid@rac122-1 ~]$ echo $?
0

Now I got one row including both the hostname and the IP address, and I also passed the test commands. :)
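
As an added example (not part of the original post), the shell functions below audit a known_hosts file for the states seen above: IP only, hostname and IP on separate rows, and both on one row. They also flag the case where the hostname and the IP are pinned to different keys. The function names, status labels, sample files and key strings are constructed; hashed entries (HashKnownHosts) are skipped.

```shell
# kh_key FILE NAME -> prints "keytype key" of the first plain entry listing NAME
kh_key() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }   # blank lines and comments
        $1 ~ /^[@|]/         { next }   # @markers and hashed host fields
        {
            n = split($1, hosts, ",")   # host field is a comma-separated list
            for (i = 1; i <= n; i++)
                if (hosts[i] == want) { print $2, $3; exit }
        }' "$1"
}

# kh_status FILE HOSTNAME IP
#   -> ok | name-missing | ip-missing | both-missing | key-mismatch
kh_status() {
    local by_name by_ip
    by_name=$(kh_key "$1" "$2")
    by_ip=$(kh_key "$1" "$3")
    if [ -z "$by_name" ] && [ -z "$by_ip" ]; then echo both-missing
    elif [ -z "$by_name" ]; then echo name-missing   # strict check by name fails
    elif [ -z "$by_ip" ]; then echo ip-missing       # strict check by IP fails
    elif [ "$by_name" != "$by_ip" ]; then echo key-mismatch
    else echo ok
    fi
}

# Constructed sample files; AAAAKEY2 / AAAAOTHER are placeholders, not real keys.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '192.168.116.22 ecdsa-sha2-nistp256 AAAAKEY2' \
    > "$SAMPLE_DIR/ip_only"
printf '%s\n' '192.168.116.22 ecdsa-sha2-nistp256 AAAAKEY2' \
              'rac122-2 ecdsa-sha2-nistp256 AAAAKEY2' \
    > "$SAMPLE_DIR/separate"
printf '%s\n' 'rac122-2,192.168.116.22 ecdsa-sha2-nistp256 AAAAKEY2' \
    > "$SAMPLE_DIR/combined"
printf '%s\n' 'rac122-2 ecdsa-sha2-nistp256 AAAAKEY2' \
              '192.168.116.22 ecdsa-sha2-nistp256 AAAAOTHER' \
    > "$SAMPLE_DIR/mismatch"

for f in ip_only separate combined mismatch; do
    printf '%-9s %s\n' "$f" "$(kh_status "$SAMPLE_DIR/$f" rac122-2 192.168.116.22)"
done
```

A `name-missing` result corresponds to the failure above, where the strict check by hostname finds no key; `key-mismatch` means the two names are pinned to different keys and is worth investigating before accepting either.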
