Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
813
Views
0
Helpful
1
Replies

Change in host key verifications during cluster communication in AsyncOS 11.x.x

amelo@
Level 1
Level 1

‎04-24-2018 12:01 PM

We are upgrading our cluster of ESAs (C190) from  version10.0.3-004 to 11.1.0.131

On the release notes it is mentioned that since 11.x.x during cluster communication, host key verifications are now performed  based on SSH-RSA only.

I remember that when adding each of the ESAs to the cluster we used SSH (never CCS) so I’m assuming I won’t need to add SSH keys to/from each one after the upgrade. Is this correct?

Labels:
0 Helpful
1 Reply 1

Robert Sherwin
Cisco Employee
Cisco Employee

‎05-03-2018 07:33 PM

You will want to clear and reset the host key from with-in logconfig > hostkeyconfig in order to have clustering sync properly.  Once you scan and add the key, it should automatically import the host keys back and resume cluster communication.

Cheers,

Robert

Cheers,
Robert Sherwin
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents