[ANSIBLE] POSSIBLE DNS SPOOFING DETECTED

서버자체가 변경되면 ~/.ssh/known_hosts 파일에 등록된 키값이 달라 아래와 같이 문제가 발생한다.

TASK [Gathering Facts] *********************************************************
fatal: [testserver01]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
\r\n@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nThe ECDSA host key for testserver01 has changed,
\r\nand the key for the corresponding IP address 123.123.123.123\r\nis unknown. This could either mean that\r\nDNS SPOOFING is happening or the IP address for the host
\r\nand its host key have changed at the same time.\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.
\r\nThe fingerprint for the ECDSA key sent by the remote host is\nSHA256:mxMlB7pMAijAdfdseeetrf3oUM+h+JCQsKdKN9Dmwk0iJ0KbmZcuw.\r\nPlease contact your system administrator.
\r\nAdd correct host key in /var/lib/jenkins/.ssh/known_hosts to get rid of this message.
\r\nOffending ECDSA key in /var/lib/jenkins/.ssh/known_hosts:214\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.
\r\nKeyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
\r\nPermission denied (publickey,password).", "unreachable": true}

 

해결방법

아래 파일을 열어 해당 서버의 정보를 삭제한다.

/var/lib/jenkins/.ssh/known_hosts

 

키워드

POSSIBLE DNS SPOOFING DETECTED

key for the corresponding IP address

he fingerprint for the ECDSA key sent by the remote host