Troubleshooting
Problem
SSH, and any application that uses SSH to establish connections, such as SCP and RSYNC, fails to connect to an unmanaged QRadar® appliance. This issue affects procedures such as copying QRadar® SFS files to patch a host to match the Console's version before adding the appliance to the deployment.
Symptom
The SSH connection attempt fails with the error:
# ssh <Remote Host IP>
ERROR: No ECDSA host key is known for <Remote Host IP> and you have requested strict checking.
ERROR: Host key verification failed.
Cause
When "strict checking" is enforced, SSH connects to a host only if that host's public host key already exists in the /root/.ssh/known_hosts file.
On older versions, the missing key entry generated a warning. The administrator could choose Y to proceed with the connection or abort it.
Environment
QRadar® 7.4.2 and later.
Resolving The Problem
- Log in to the host originating the SSH connection.
- SSH to the remote host with strict checking disabled. This adds the host's key entry to the /root/.ssh/known_hosts file.
Note: This command is a one-time disabling of the strict check to allow for changes to the known_hosts file. Future attempts will use strict checking.
# ssh <Remote Host IP> -o StrictHostKeyChecking=no
Warning: Permanently added '<Remote Host IP>' (ECDSA) to the list of known hosts.
root@<Remote Host IP>'s password:
- SSH to the remote host and the connection is established.
# ssh <Remote Host IP>
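The StrictHostKeyChecking=no step above records whatever key the remote host presents. The following is an added example, not part of the IBM technote: it writes the key to known_hosts only after its SHA256 fingerprint matches a value read on the appliance's own console. The function names, file arguments, the console command path and the 192.0.2.10 sample are assumptions.

```shell
#!/bin/sh
# Added example: pin an appliance's ECDSA host key only after its fingerprint
# matches one read out-of-band, e.g. on the appliance's local console with
# `ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub` (default OpenSSH path, assumed).

# fingerprint BLOB -> "SHA256:<unpadded base64 of sha256(decoded key blob)>"
fingerprint() {
    hex=$(printf '%s' "$1" | base64 -d 2>/dev/null | sha256sum | cut -c1-64)
    b64=$(printf '%s\n' "$hex" | fold -w2 | while read -r h; do
        printf "\\$(printf '%03o' "$((0x$h))")"   # hex pair -> raw byte
    done | base64 | tr -d '=\n')
    printf 'SHA256:%s\n' "$b64"
}

# pin_host_key HOST EXPECTED_FP SCAN_FILE KNOWN_HOSTS
# SCAN_FILE holds `ssh-keyscan -t ecdsa HOST` output ("host keytype blob").
# Returns 0 = pinned, 1 = fingerprint mismatch, 2 = no ECDSA key for HOST.
pin_host_key() {
    line=$(awk -v h="$1" '$1 == h && $2 ~ /^ecdsa-sha2-/ {print $1, $2, $3; exit}' "$3")
    [ -n "$line" ] || { echo "no ECDSA key for $1 in $3" >&2; return 2; }
    actual=$(fingerprint "${line##* }")
    if [ "$actual" != "$2" ]; then
        echo "REFUSED $1: scanned $actual, expected $2" >&2
        return 1
    fi
    # Append the entry once; known_hosts stays readable by its owner only.
    grep -qxF "$line" "$4" 2>/dev/null || printf '%s\n' "$line" >> "$4"
    chmod 600 "$4"
}

# Constructed demo: 192.0.2.10 and the key blob are sample values, not a real key.
demo() {
    dir=$(mktemp -d)
    blob='Y29uc3RydWN0ZWQtc2FtcGxlLWtleS1ibG9i'
    printf '%s\n' "192.0.2.10 ecdsa-sha2-nistp256 $blob" > "$dir/scan"
    rc=0; pin_host_key 192.0.2.10 'SHA256:not-the-console-value' "$dir/scan" "$dir/known_hosts" || rc=$?
    echo "mismatching fingerprint -> exit $rc"
    rc=0; pin_host_key 192.0.2.10 "$(fingerprint "$blob")" "$dir/scan" "$dir/known_hosts" || rc=$?
    echo "matching fingerprint    -> exit $rc, pinned: $(cat "$dir/known_hosts")"
    rm -rf "$dir"
}
demo
```

With the entry pinned this way, the plain `ssh <Remote Host IP>` connection passes strict checking without the one-time override.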
Document Location
Worldwide
Document Information
Modified date:
15 March 2021
UID
ibm16416585