Cisco Bug: CSCvt22027 - ACI: "fabric 101 show xxx" silently fails when a host key of the switch is changed

Last Modified

Aug 18, 2020

Products (1)

  • Cisco Application Policy Infrastructure Controller (APIC)

Known Affected Releases

5.0(0.211l)

Description (partial)

Symptom:
The "fabric 101 show xxx" command on APIC silently fails when the SSH host key for the target switch node doesn't match.

<pre>
f2-apic1# fabric 101 show vlan e
----------------------------------------------------------------
 Node 101 (f2-leaf1)
----------------------------------------------------------------

f2-apic1#
f2-apic1# fabric 101 show int bri
----------------------------------------------------------------
 Node 101 (f2-leaf1)
----------------------------------------------------------------

f2-apic1#
</pre>

The SSH host key warning is printed when APIC tries to SSH to the node directly.

<pre>
f2-apic1# ssh f2-leaf1
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:<---- omitted ----->.
Please contact your system administrator.
Add correct host key in /home/admin/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/admin/.ssh/known_hosts:4
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Nexus 9000 Switch
Permission denied (publickey,password,keyboard-interactive).
</pre>
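The wrapper in the symptom above hides exactly the decision OpenSSH prints here. As an added example (not Cisco's or APIC's code), the following Python reproduces that known_hosts decision so a changed key can be surfaced and logged by a pre-check instead of disappearing: it computes the OpenSSH SHA256 fingerprint, handles plain and hashed (HashKnownHosts) entries, and distinguishes a known key, an unknown host and a changed key. The hostnames, address, salt and key blobs are constructed sample data.

```python
"""Pre-check an SSH host key against a known_hosts file.

Added example, not Cisco/APIC code.  The "fabric ... show" wrapper on the page
hides the OpenSSH host key warning; this reproduces OpenSSH's known_hosts
decision so a changed key can be surfaced and logged instead.  All hostnames,
addresses, salts and key blobs below are constructed sample data.
"""
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 of the raw key blob, base64, no padding."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Hashed host token as written with 'HashKnownHosts yes':
    |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                            base64.b64encode(mac).decode())


def _host_matches(host_field: str, hostname: str) -> bool:
    """Match a hostname against the first known_hosts field (plain or hashed).
    Wildcards, negations and [host]:port forms are left out of this example."""
    if host_field.startswith("|1|"):
        parts = host_field.split("|")
        if len(parts) != 4:
            return False
        salt = base64.b64decode(parts[2])
        expected = base64.b64decode(parts[3])
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, actual)
    return hostname in host_field.split(",")


@dataclass
class Verdict:
    status: str                 # "match", "changed" or "unknown"
    line_no: Optional[int]      # known_hosts line that matched or conflicted
    expected_fp: Optional[str]  # fingerprint recorded in known_hosts
    presented_fp: str           # fingerprint of the key the host sent


def check_host_key(known_hosts: str, hostname: str,
                   key_type: str, key_b64: str) -> Verdict:
    """Decide what OpenSSH would do with (hostname, key_type, key_b64):
    "match" on an identical key, "changed" when an entry exists for the host
    and key type but holds a different key (the page's case), else "unknown"."""
    presented_fp = fingerprint(key_b64)
    conflict = None
    for line_no, raw in enumerate(known_hosts.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):   # @cert-authority / @revoked marker;
            fields = fields[1:]         # marker semantics are not modelled here
        if len(fields) < 3:
            continue
        host_field, ktype, kdata = fields[0], fields[1], fields[2]
        if ktype != key_type or not _host_matches(host_field, hostname):
            continue
        if kdata == key_b64:
            return Verdict("match", line_no, presented_fp, presented_fp)
        if conflict is None:            # remember the first offending line
            conflict = (line_no, fingerprint(kdata))
    if conflict is not None:
        return Verdict("changed", conflict[0], conflict[1], presented_fp)
    return Verdict("unknown", None, None, presented_fp)


# Constructed sample data (not real keys): the blobs only need to be base64.
OLD_KEY = base64.b64encode(b"constructed old host key blob for f2-leaf1").decode()
NEW_KEY = base64.b64encode(b"constructed new host key blob after re-image").decode()
OTHER_KEY = base64.b64encode(b"constructed ed25519 blob for another host").decode()
SALT = b"constructed-20-byte-"   # 20 bytes, the salt length OpenSSH uses
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "other-host ssh-ed25519 " + OTHER_KEY,
    hash_hostname("f2-leaf2", SALT) + " ssh-rsa " + OLD_KEY,
    "f2-leaf1,10.0.0.101 ssh-rsa " + OLD_KEY,   # line 4, as in the warning above
]) + "\n"


def main() -> None:
    v = check_host_key(KNOWN_HOSTS, "f2-leaf1", "ssh-rsa", NEW_KEY)
    if v.status == "changed":
        print("host key for f2-leaf1 changed: known_hosts:%d has %s, host sent %s"
              % (v.line_no, v.expected_fp, v.presented_fp))
    else:
        print(v)


if __name__ == "__main__":
    main()
```

Running the check before the wrapper turns the silent empty output into an explicit "changed" verdict with the offending known_hosts line and both fingerprints, which is what an operator needs to decide whether the node was legitimately re-imaged (the condition below) or whether the key change needs investigation.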

Conditions:
One possible scenario is a switch node that was manually initialized and booted with a new image via USB, TFTP boot, etc.