MySQL :: MySQL Enterprise Monitor 8.0 Manual :: 8.4 Changing an SSH Host Key

MySQL Enterprise Monitor 8.0 Manual / ... / Changing an SSH Host Key

8.4 Changing an SSH Host Key

The SSH Host key is used to distinguish monitored hosts, there should not be duplicate SSH keys. A key can be duplicated if a server is cloned. This section describes how to change the SSH host key for a particular host, eliminating the events and alarms generated when duplicate hosts are detected.

The following steps must be performed:

Generate a new SSH key for the monitored host.
Edit the monitoring agent's configuration.

On UNIX, Linux and macOS platforms, use the ssh-keygen utility. On Microsoft Windows platforms, there are several tools, but this example uses puttygen.

To generate a new SSH key for the monitored host, do the following:

Identiify the duplicate SSH keys.
On each monitored host, run the following commands to print out the SSH public key fingerprints:
```
ssh-keygen -l -f /etc/ssh/ssh_host_key.pub
ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
```
and compare the fingerprints between each server. Remove the existing key and regenerate the key for each server with a duplicate key using the following instructions.
On the monitored host, delete the existing, duplicate SSH key. For example:
```
sudo rm -f /etc/ssh/ssh_host_*
```
On the monitored host, regenerate the SSH keys. This operation requires you to add each of these hosts to your SSH keyring the next time you connect. For example:
```
sudo ssh-keygen -f /etc/ssh/ssh_host_key -N '' -t rsa1
sudo ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
sudo ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
```
If using puttygen, click Generate and follow the instructions on-screen.

Note

The key can be generated using RSA (SSH1 or SSH2), DSA, or ECDSA. All are supported by MySQL Enterprise Monitor.
Restart your sshd server.
Note

This step is required on MySQL 5.5 instances, only. It is not required on any version of MySQL 5.6, or higher.

On the monitored MySQL instance, edit the hostid value:
```
mysql> UPDATE mysql.inventory SET VALUE = 'ssh:{New SSH Fingerprint}' WHERE name = 'hostId';
```
Restart the monitoring agent.

PREV HOME UP NEXT