Index

Overview

We recommend backing up your Statseeker server on a regular basis, and particularly both pre and post upgrading your Statseeker server. Statseeker offers secure options when connecting to the backup repository - communicating with the backup destination via an ssh or sftp connection. When configuring the secure backup, Statseeker adds a host 'fingerprint' for the destination to a 'known hosts' file. This fingerprint is then referenced when establishing future connections to confirm that the server Statseeker is connecting to, is the same server that was previously connected to.

  • Upgrading the destination server operating system typically results in Statseeker's locally stored host key fingerprint no longer matching the destination server
  • Statseeker's backup process will fail when attempting to connect to a destination which fails this fingerprint check

To address this situation, either:

  • Update Statseeker's 'known hosts' (recommended)
  • Disable the host key checking process on the Statseeker server (not recommended)

[top]

Updating Statseeker's Known Hosts (recommended)

After an upgrade to the destination server, a new fingerprint can be added to Statseeker's known hosts. This is a manual process that will need to be taken after all such changes to the destination server.

  • Login to the Statseeker server, and run the following on the CLI

ssh-keyscan -t rsa hostname-or-IP-address

This will return the fingerprint for the specified host.

Example:

ssh-keyscan -t rsa 10.1.2.3
# 10.1.2.3:22 SSH-2.0-OpenSSH_8.8 FreeBSD-20211221
10.1.2.3 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbQjwg2hVEoel9Btr9fBbSPbVq0gPw6kXDHJgvomaYL140uHddePnn8J+cF7RVkhg3WWqefFcAw8gSlzHfssJC5MY/IkMmJRwphJ2hCndQFzeiqq59wXo0WpT6yZXnsyplGm5FJ5FNY1ebse/3cPAy2M5atoWZuNcKxN4TBzQ5PqjQwoFxOujOf8kQ/sKEUtrkIAIGdhv2Zi07iUhLDX+SE/Zsz8doTZlSoMMA6ExGe8QTdFvm/PGeGnAgJdwpura95AKN/imN1D/qYcjEir6Rmnv7KuMp8gfDXSXRcGTTsZ/g7UsQrtVTX6otu60ixWxLcGBCsV9/hFLy3OHfb9/2l3udEJjQxYaO4nxYbsfzFgV2FLdaM6MFUSSrmqwqBXi4WpmhePBG1utZyQuY+/5bbEFBUO6YivvdZqhzEKxyVFBIVFQwtM2Pyr+SpnWSW2Fe51qRwAhkbk4mwgQB7J3BQ07j8eBexPC0Nki6KWxlggXiOp+W9HpVERxF/6uGjpM=

Copy the fingerprint and add to the known_hosts file:

  • Open known_hosts in the vi editor

vi ~/.ssh/known_hosts

Add the following to the known_hosts:

hostname-or-IP-address ssh-rsa <SSH-fingerprint>

Example:

10.1.2.3 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbQjwg2hVEoel9Btr9fBbSPbVq0gPw6kXDHJgvomaYL140uHddePnn8J+cF7RVkhg3WWqefFcAw8gSlzHfssJC5MY/IkMmJRwphJ2hCndQFzeiqq59wXo0WpT6yZXnsyplGm5FJ5FNY1ebse/3cPAy2M5atoWZuNcKxN4TBzQ5PqjQwoFxOujOf8kQ/sKEUtrkIAIGdhv2Zi07iUhLDX+SE/Zsz8doTZlSoMMA6ExGe8QTdFvm/PGeGnAgJdwpura95AKN/imN1D/qYcjEir6Rmnv7KuMp8gfDXSXRcGTTsZ/g7UsQrtVTX6otu60ixWxLcGBCsV9/hFLy3OHfb9/2l3udEJjQxYaO4nxYbsfzFgV2FLdaM6MFUSSrmqwqBXi4WpmhePBG1utZyQuY+/5bbEFBUO6YivvdZqhzEKxyVFBIVFQwtM2Pyr+SpnWSW2Fe51qRwAhkbk4mwgQB7J3BQ07j8eBexPC0Nki6KWxlggXiOp+W9HpVERxF/6uGjpM=

Notes on using the Vi editor:

Once known_hosts is open in Vi:

  • Type G (upper-case G) - this will position the cursor at the end of the file
  • Then o (lower-case o)- to position the cursor at the start of a new line, in edit mode

Add your content, then to save and exit:

  • Press Esc to exit edit mode
  • Type :x (colon, lower-case x) to save the changes and exit the editor

[top]

Disabling Host Key Checking (not recommended)

Another option is to disable the host-key checking process on the Statseeker server. This is not the recommended approach as it may open secure communications between your Statseeker server and other elements of your network to 'man-in-the-middle' attacks.

To disable host key checking we need to edit ~/.ssh/config:

  • Open config in the vi editor

vi ~/.ssh/config

If this file doesn't exist on your server, it can be created with:

touch ~/.ssh/config

Disable SSH host key checking for all hosts

Add the following to the config file:

Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

Disable SSH host key checking for specific IPs

Host <hostname-or-IP-address-or range>
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

Example:

Host 192.168.0.*
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

  • Save the updated config file

Disabling host key checking will result in warning messages being logged. These messages can be silenced (not recommended) by adding the following to the corresponding section in ~/.ssh/config:

LogLevel ERROR

[top]

SSH Connections after Upgrading your Statseeker Server

If an operating system update is applied as part of a Statseeker server upgrade, then the server's host key will change and this will impact users attempting to establish SSH connections to the server.

Typically this change wont cause the connection to fail, but instead will raise a warning advising of the issue and asking for confirmation to update the fingerprint and proceed with the connection.


[top]