I just updated OOD 1.6 to 1.7 and I have a question about the Terminal feature under the Files tab.
When I do that now (Files -> Open in Terminal), I am getting: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is… Please contact your system administrator. RSA host key for localhost has changed and you have requested strict checking. Host key verification failed. Your connection to the remote server has been terminated.
I do not have “/etc/ood/config/apps/shell”.
I tried adding “/var/www/ood/apps/sys/shell/env” with “DEFAULT_SSHHOST=“rhino.unl.edu””, but that didn’t work.
I initially got the same error when I tried Clusters -> Shell Access from the Dashboard as well, but I fixed that by replacing “host: localhost” with “host: “rhino.unl.edu”” in “/etc/ood/config/clusters.d/rhino.yml”.
If you have any suggestions, or documentation I should follow to fix this, please let me know.
Thanks for bringing this up! localhost is probably not the best thing to default to, we should probably dns lookup the host we’re on instead.
As the administrator, this is probably what you should do. Set the default ssh host a real dns entry. To fix your problem you need to find the localhost entry in ~/.ssh/known_hosts and remove it. Unfortunately all your users will have to do this. ssh-keygen -R localhost will do this.
This comes from ssh saying ‘localhost’ is some known host, only, it’s relative. The localhost identity on somehost01 is different than adifferenthost01 (unless all your hosts use the same key which is probably a very bad strategy).
If you have a lot of users, and migrating all their keys is going to be painful you could start to share keys. I wouldn’t suggest this, but it is a potential option. But I think re-configuring OOD now will save you in the long run because having a localhost entry in your known_hosts is likely going to cause issues even outside of ood.
Thank you so much for your prompt reply and explanation!
I will probably have more questions regarding the proposed solution later after I think about it.
For now, I added “DEFAULT_SSHHOST=“rhino.unl.edu"” to “/var/www/ood/apps/sys/shell/env”, and removed the “localhost” entry from “known_hosts”.
When I tried to open Terminal from Files again, I was able to login, but to the node where OOD is installed, and not the login node of our cluster.
After some reading, I realized that “/var/www/ood/apps/sys/shell/env” (mentioned in https://osc.github.io/ood-documentation/master/customization.html#set-default-ssh-host) should actually be “/var/www/ood/apps/sys/shell/.env”.
After renaming “env” to “.env”, using the Terminal works as expected.
This is an update mentioned in different topic in case someone finds it useful - I talked to our system administrator, and he set HostBasedAuthentication on the OOD node to be allowed from the local machine (localhost). We tested it, and since that is the first authentication method that will be tried, as long as that works, users’ public keys won’t be used.
I hope this helps in case someone else has similar issue.