7.9. Host Key Management

Host Keys Provide SSH Authentication

Each node holds a unique cryptographic host key that is used for SSH authentication. When a node is added to InCenter, a copy of the key is automatically added to the InCenter database.

Whenever InCenter subsequently communicates with the node over SSH, it checks that the node is still using the same key. This prevents a man-in-the-middle attack in which a third party pretends to be the node.

Changing the Host Key

The administrator can change the host key used by a node by issuing the sshserver -keygen command directly on the node. For example, to change the key used by my-node1, the CLI command would be:

admin@InCenter:/> node my-node1 cli 
my-node1> sshserver -keygen

At this point, the key for the node held in the InCenter database will not match the key now used by the node. Any user-initiated communication attempt between InCenter and the node will fail and give an error message. For example:

admin@InCenter:/> activate 
Activation failed
Node my-node1: Host key (173a5578777da3c4f31f98e) on node
does not match stored key (173a5578777da3c4f31fasd).
Consider that your node may have been compromised.
The host key can be updated in node properties.

To update the InCenter database, the administrator now needs to set the HostKey property for the node to the node key shown in the message above:

admin@InCenter:/> set StandaloneNode my-node1 HostKey=173a5578777da3c4f31f98e

The stored key now matches the node key.
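
The pinning workflow this section describes (store the key when the node is added, compare it on every connection, fail on a mismatch, change the stored value only through an explicit administrator update), as an added Python example that is not InCenter code. HostKeyStore, its methods, the SHA-256 hex fingerprint and the sample key blobs are assumptions made for illustration.

```python
import hashlib
import hmac

def fingerprint(public_key_blob: bytes) -> str:
    # Assumption: SHA-256 of the public key blob, hex encoded. The page
    # does not say how InCenter derives the value it displays.
    return hashlib.sha256(public_key_blob).hexdigest()

class HostKeyStore:
    """Hypothetical stand-in for the HostKey property stored per node."""

    def __init__(self):
        self._pins = {}

    def enroll(self, node: str, public_key_blob: bytes) -> str:
        # Adding a node records a copy of its key. Refuse to overwrite an
        # existing pin here, so a changed key is never accepted silently.
        if node in self._pins:
            raise ValueError(f"{node} already has a stored host key")
        self._pins[node] = fingerprint(public_key_blob)
        return self._pins[node]

    def check(self, node: str, presented_blob: bytes):
        # Run on every connection, before any command is sent to the node.
        # Returns (ok, message).
        stored = self._pins.get(node)
        if stored is None:
            return False, f"Node {node}: no stored host key"
        presented = fingerprint(presented_blob)
        if hmac.compare_digest(stored, presented):  # constant-time compare
            return True, "host key matches stored key"
        return False, (f"Node {node}: Host key ({presented}) on node "
                       f"does not match stored key ({stored}).")

    def set_host_key(self, node: str, new_fingerprint: str) -> None:
        # The explicit administrator update: the only path that changes a pin.
        if node not in self._pins:
            raise KeyError(f"unknown node {node}")
        self._pins[node] = new_fingerprint.strip().lower()

# Constructed sample key blobs, not real SSH host keys.
OLD_KEY = b"constructed host key before keygen"
NEW_KEY = b"constructed host key after keygen"

if __name__ == "__main__":
    store = HostKeyStore()
    store.enroll("my-node1", OLD_KEY)
    print(store.check("my-node1", NEW_KEY)[1])  # mismatch after a key change
```

The update step accepts whatever fingerprint it is given, so the value entered should be one the administrator expects, such as the key produced by a deliberate sshserver -keygen.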