Problem

You are unable to commit configuration changes on CPE branch devices, and the Bad Private key error message is displayed.

When you try to sync the Director configuration with the branch, you may encounter the following error: 

Remote Server Exception view details
malformed-message : Failed to authenticate towards device GIMEC-LAB-CPE2: Bad private SSH key for local/remote user arun.c/admin

As a result, you cannot commit any configuration changes on the CPE branch devices. 

This problem may arise for one of the following reasons: 

• If the host IP address has moved from one device to another, when the Director node updates the keys of the old IP addresses and tries to authenticate the host using the same keys, the keys fail to authenticate the IP addresses. 
• The FlexVNF device has lost its Versa Director keys.

Solution

To fix this problem:

1. Issue the shell command  sudo /opt/versa/vnms/scripts/push_keys_to_device.sh IP-Address device-password to push the key from Versa Director to the affected FlexVNF branch device. ip-addressis the IP address of the FlexVNF device. For example:

   Administrator@Director:~$ sudo /opt/versa/vnms/scripts/push_keys_to_device.sh 10.3.64.229 ******
   [sudo] password for admin:
   Warning: Permanently added '10.3.64.229' (ECDSA) to the list of known hosts.
   0 0
   admin@DIRECTOR:~$

   
   

2. Issue the request devices fetch-ssh-host-keys device device-name CLI command to fetch the keys from the FlexVNF branch device. For example:

   Administrator@Director-New> request devices fetch-ssh-host-keys device Branch-2
   fetch-result {
       device Branch-2
       result unchanged
       fingerprint {
           algorithm ssh-dss
           value 2a:5c:1b:d1:4c:31:cd:37:35:a7:27:25:be:dd:f3:b7
       }
   } 

   
   

3. If there are multiple entries found under /home/admin/.ssh/authorized_keys you can truncate the file follow the step1. This will delete the Old Keys and push the new Key from Versa Director. For example: Issue the truncate -s 0 /home/admin/.ssh/authorized_keys

   [admin@IND-DEL-2019013367-DELHI-1: ~] $ cat /home/admin/.ssh/authorized_keys
   ssh-dss AAAAB3NzaC1kc3MAAACBAIxT+EyQT99QPlFhn4VtIIZCPwmt9mECZxxqdynqbskqXIyXiOrN4pu1gyvWDaebxpufcPlPkp4wZXuyZCTBh/hNmadEleQfO3jb2xwsosynOhPUF1GoUpgxuSJRCPH/RrCOKc9qo68uKAnuVxQSKj8JF/MWMzPGp1oATWyvgl51AAAAFQDzUVfx12JtW+dfvPWkUZTXyQL31wAAAIANXUvarYpC+fwKDSMJKFe/KRNWYT+i+hYNBcCPc6r0JwTt0bhaeaw04JS+++EuRWwOc78K6vend2mnMP/VLJxIcrAUmIdkU9tqdiiVTEup4J8F3+lmF5E1kwk59ILIRRy4oSi4F0pWYcJRW3D8iOpqkqzZ6EOh/rKOqAxgnxZScgAAAIAVC+XAv66b0kBaygsTs0Yz6mvAMya9jlHD3SFpyAsO4/fMZ+42ik9QeSGo2kB3zZNXZxeJXxJPaitZfrlF3crHZrJuYMdq7WPKOdFhorlf4W0weCavLToGoKuSzcZPkyJ2gYRdaqbY5svqzNAxyvSgt1Phssn/PCIj2yHRFrMGPA== root@versa-director
   ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlrJUGHhOoETMWhPaHlBJmZhGy6qzqCiuXBA/vakZv7LN7J0yd+Atp2Eppj9XbNdq8633n+wqbnORQ7R7iVq+E9rnNYyRBqP9FhZfHUkdPtiQy0qd3Tf9RHMIrjyYDblbhn68VUWVH6s1uvMDy5xrEa6dNVGFhJjYpD5Zea2pwVh4xr9pNmjiUs4xX8x7522Ov+ab3W4CUAY19NZb6kEIAx+3Dy44lQ/wyH0yQV5S6jvcKLGKX91WgRQpzUN3Eab3mtw3VwNFQWyEUAjrlkLGQKYtEADOz+DU5u1yfZeC3WnrfQ1KAZ+dFlqG1p0NUlZU9Gq37CHIilCVlJqyg5/JV root@versa-director1
   ssh-dss AAAAB3NzaC1kc3MAAACBAIDJ7aj5A5qsSKOmWvKpO5sPs6Sflixy85uMnxOx6f/6IeMSNX5WaY76qEqMnEVP6cwa7ogajtM7PHQXVRAVCr8Cx3ZIf4VGSW+ekuHJxivgqO7SOSOPmSIoYo2ufQYy4sIr7A5+ZNCfK6lwf32u8xSBwIeGrkssNXMfBO39NXXXAAAAFQDzJ/Oq5BU9qfjVggVdmx+LbIt9jQAAAIBQA/F2oYU7yDc8qpnDuCqk+24NSczb4Jqcswzs2CjgRXHpRnaS+Rc//eOR3H1eIVhPbCbvGv/Gy8aEspdugrkvYQKQAxTE5sSyoBqepK/5uNzdSfjl2LkrwJErTVsbV1smqxbm2V3JPBVcI6fAFafEN8vwqNcv5OWiwn9VVfxotgAAAIBYE7Ygmtq7bH7mZs4kWVwwPUyvp7aoX5WTFFZxb+eVZYgp87mUxqicFo671kwE2X7Hvigx74EjJLRUsSlFTNg8lX3nmJTiaQhhR85Ix3rC8Ui8L1jMFZCvLWyOSQWzk3/Rog85WUk3ZiI+FkfcCa1WTnXT6/JbdwX4l5F9lpZvkQ== root@versa-director
   ssh-dss AAAAB3NzaC1kc3MAAACBALX9lSLVaUmDvuXIdIA5+gpw0mUlNe/gXnkg4t8NZqyrziTsUPh53XsZbd3aP3Pxj7FcGW6g8c8P92EBh+opb9mBtz52oWofWb0tufCS6POBt5hSY6bCnERsOy9NAEQGd7QkRBvgRYkNpHJYBOlJiSTmJG2odmtqhh30RtdZEWZNAAAAFQDOsTsHVSWE6tKtui5nRdaBttCHIwAAAIAUwDlGpMfL41f/jGrG0MAd9ZBJOWaZ57WGX3TZ3ykiGqXKUUP1Zls17mB6ZC+Lt/S9u1LMHa5/ESZ/1gdGbW2oPqJSujqBDghvXpTXWbugjbSdCiuxQXoDt4GJsurksvtuqQXMX9h+4h5PVZd/OLblX8Bc45kqltAwdYTQ6t0IkQAAAIEAs5YqJ9b86jdhxbohec2POWDOBm6wL5HVIfOwgE8ePHIeLacgkklnb2AvizKaW7gDikT3lAQYVjqiVeGZYNOcPCoBOCFk+2vKiFPFsgp96aAgR6UIDnZHWkpMEahxZE5b255vK/9nAd/tUjt2B4Fl8KFA6RauwBXXnTwDSGD0FeQ= root@versa-director
   ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsKiPu7TBPxKLhrp87a1wsV6T069Vr3f5YHIJmOZLqMof0cfv3L8CjvW42Pfb1qtZ5kwNG9FBiwjegh0hoqktMrTG9sKEOvhhr4UFO60PNO4kp/P8w/u7P7G6EoVDcFSPk+Vo1PQdHlpWxqgPJEu5BAm3IzSe616KdAAyeH2UOHCR7XEuc712EoACsmbPlXhev/FxDhk88btAOhoCDwCp8m9OI+g+wtT7NhRdwpNyTwygg9Rxj8SlUDYO7+729bGnl21f1lHiovXRUDyx9OlqlRGtALJLgLz68Zw83kVOSORQ9u2NlMW0uukkq0J6k2EBFrwUhAUS1p2MknRXaYu0d root@VD-LIL-IN-01-STX-STG
   
   To truncate the /home/admin/.ssh/authorized_keys
   
   [admin@DUALCPE2: ~] $ truncate -s 0 /home/admin/.ssh/authorized_keys