The SSH Host key is used to distinguish monitored hosts, there should not be duplicate SSH keys. A key can be duplicated if a server is cloned. This section describes how to change the SSH host key for a particular host, eliminating the events and alarms generated when duplicate hosts are detected.
On UNIX, Linux and Mac OS platforms, use the ssh-keygen
utility. On Microsoft Windows platforms, there are several tools, but this example uses puttygen
.
Identiify the duplicate SSH keys.
See AlsoPassphrase — the ultimate protection for your accountsRSA keys are not deprecated; SHA-1 signature scheme is!Passphrases and hidden wallets on Trezor hardware walletsHow to Delete Files and Folders via SSHOn each monitored host, run the following commands to print out the SSH public key fingerprints:
ssh-keygen -l -f /etc/ssh/ssh_host_key.pubssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pubssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
and compare the fingerprints between each server. Remove the existing key and regenerate the key for each server with a duplicate key using the following instructions.
On the monitored host, delete the existing, duplicate SSH key. For example:
sudo rm -f /etc/ssh/ssh_host_*
On the monitored host, regenerate the SSH keys. This operation requires you to add each of these hosts to your SSH keyring the next time you connect. For example:
sudo ssh-keygen -f /etc/ssh/ssh_host_key -N '' -t rsa1sudo ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsasudo ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
If using
puttygen
, click Generate and follow the instructions on-screen.Note
The key can be generated using RSA (SSH1 or SSH2), DSA, or ECDSA. All are supported by MySQL Enterprise Monitor.
Restart your sshd server.
Note
This step is required on MySQL 5.5 instances, only. It is not required on any version of MySQL 5.6, or higher.
On the monitored MySQL instance, edit the
hostid
value:mysql> UPDATE mysql.inventory SET VALUE = 'ssh:{New SSH Fingerprint}' WHERE name = 'hostId';
Restart the monitoring agent.