Documentation Home
MySQL Enterprise Monitor 8.0 Manual
Related Documentation Download this Manual
PDF (US Ltr) - 6.0Mb
PDF (A4) - 6.0Mb


8.4 Changing an SSH Host Key

The SSH Host key is used to distinguish monitored hosts, there should not be duplicate SSH keys. A key can be duplicated if a server is cloned. This section describes how to change the SSH host key for a particular host, eliminating the events and alarms generated when duplicate hosts are detected.

The following steps must be performed:

  • Generate a new SSH key for the monitored host.

  • Edit the monitoring agent's configuration.

On UNIX, Linux and macOS platforms, use the ssh-keygen utility. On Microsoft Windows platforms, there are several tools, but this example uses puttygen.

To generate a new SSH key for the monitored host, do the following:

  1. Identiify the duplicate SSH keys.

    On each monitored host, run the following commands to print out the SSH public key fingerprints:

    ssh-keygen -l -f /etc/ssh/ssh_host_key.pub
    ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
    ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

    and compare the fingerprints between each server. Remove the existing key and regenerate the key for each server with a duplicate key using the following instructions.

  2. On the monitored host, delete the existing, duplicate SSH key. For example:

    sudo rm -f /etc/ssh/ssh_host_*
  3. On the monitored host, regenerate the SSH keys. This operation requires you to add each of these hosts to your SSH keyring the next time you connect. For example:

    sudo ssh-keygen -f /etc/ssh/ssh_host_key -N '' -t rsa1
    sudo ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
    sudo ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

    If using puttygen, click Generate and follow the instructions on-screen.

    Note

    The key can be generated using RSA (SSH1 or SSH2), DSA, or ECDSA. All are supported by MySQL Enterprise Monitor.

  4. Restart your sshd server.

  5. Note

    This step is required on MySQL 5.5 instances, only. It is not required on any version of MySQL 5.6, or higher.

    On the monitored MySQL instance, edit the hostid value:

    mysql> UPDATE mysql.inventory SET VALUE = 'ssh:{New SSH Fingerprint}' WHERE name = 'hostId';
  6. Restart the monitoring agent.