Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
Sign In Create an Account Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Baskets

ECS:ECS 對 Apache Log4j 遠端代碼執行漏洞的解決方案

Summary: Apache Log4j 安全性漏洞。

This article applies to   This article does not apply to 
Check out resources for

Symptoms

CVE 識別符 CVE-2021-44228
CVE 識別符 CVE_2021-45046

Apache 發行:Apache Log4j 遠端代碼執行 

Cause

Apache Log4j 安全性漏洞。

Resolution

應由誰執行此程序?

Dell 要求升級 xdoctor 和安裝修補程式的這個程序由客戶執行。這是最快速、最安全的方法,因為它可避免長時間暴露於此 Apache 漏洞中。所有步驟詳述在本 KB 中。另外也有隨附位於下方連結的此 KB 影片指南可追蹤

影片: Apache-Log4j
 

程序的影響:

服務重新開機時,預期可能出現 I/O 逾時。存取叢集的應用程式必須能夠處理 I/O 逾時。執行此程序時建議提供一個維護時段。
 

活動所需時間 (大約):

在服務重新開機之間,每個節點預設會設定約 7 分鐘的延遲時間。虛擬資料中心 (VDC) 中的節點數乘以 7 分鐘 + 60 分鐘進行準備、DT 穩定,以及需要進行後續檢查。
 
範例:
48 節點 VDC 系統可能需要大約 6.5 小時:
7.5 分鐘 X 48 (VDC 節點數) + 30 分鐘 (準備時間) = 6.5 小時或 390 分鐘。

8 節點 VDC 系統可能需要大約 1.5 小時:
7.5 分鐘 x 8 (VDC 節點數量) + 30 分鐘 (準備) = 1.5 小時或 90 分鐘。


常見問題 (FAQ):

問:此修補程式是 xdoctor 版本的一部分嗎?
答:修補程式安裝指令檔是 xdoctor 版本 4.8-79.1 及更高版本的一部分。下載 xdoctor 和執行修補程式安裝的指示包含在解決步驟中。

問:我可以同時更新多個 VDC 嗎?
答:否,一次修補 1 個 VDC。

問:我可以在執行程式碼版本 3.2.x 或更早版本的 ECS 上套用此修補程式嗎?
答:,此修補程式僅適用於 ECS 版本 3.3.x - 3.6.x。開立服務要求,以排程舊版的升級。

問:如果我在執行此程序後升級 ECS,要在升級後重新執行此程序嗎?
答:否,如果升級到 DSA-2021-273 中指定的程式碼版本,當中有永久修正程式。,如果升級至此相同 DSA 中指定的程式碼版本。

問:修補程式是否需要重新套用在先前在節點更換、重建映像或擴充後安裝的系統上?
答:否,如果 VDC 是在 DSA-2021-273 中指定的程式碼版本。是,如果針對執行此相同 DSA 中指定的程式碼版本的 VDC 執行上述任何動作。在這些情況下需要修補程式時,相關 Dell 工程師會聯絡您,告知需要該更新

問:您應該登入哪個使用者來執行此 KB 中的所有命令?
答:系統管理員

問:是否必須在所有機架上執行 svc_patch 或使用其中的 VDC 中有多個機架的專用機器檔案執行?
答:否,系統會自動偵測是否有多個機架存在,並且修補該 VDC 所有機架上全部的節點。

問:我注意到目標 xdoctor 版本現在是 4.8-79.1,而不是 4.8-79.0。為什麼?
答:xDoctor 版本經常發生,因此建議您一律升級至最高的發行版本。但是,如果您先前使用 4.8-79.0 執行 apache 修正,則系統會受到完整保護,不受漏洞影響,且不需要重新執行。


解決方法摘要:

  1. 將您的 ECS xDoctor 軟體升級至 4.8.-79.1 版或更新版本。
  2. 執行前置檢查。
  3. 使用 xDoctor 隨附的 svc_patch 工具套用系統修補程式。
  4. 確認已套用修正程式。
  5. 故障診斷。


解決方案步驟:

  1. 將您的 ECS xDoctor 軟體升級至最新可用版本。

  1. 檢查系統上執行的 xDoctor 版本。如果版本為 4.8-79.1 或更新版本,請移至步驟 2「執行前置檢查」。否則,請繼續執行下列步驟。
命令:
# sudo xdoctor --version
 
範例: 
admin@node1:~> sudo xdoctor --version 4.8-79.1
  1. 登入支援網站,直接連線至此下載連結,使用關鍵字搜尋列搜尋 xDoctor,然後按一下 xDoctor RPM 連結以下載 xDoctor rpm。如果您想要檢視版本資訊,請依照版本資訊指示,從提供下載的側邊欄選取手冊和文件。

  2. 下載 RPM 後,請使用任何遠端 SCP 程式將檔案上傳至第一個 ECS 節點上的 /home/admin 目錄。

  3. 上傳完成後,請使用管理員將 SSH 連接至 ECS 系統的第一個節點。
  4. 使用新發佈的版本升級所有節點上的 xDoctor。
命令:
# sudo xdoctor --upgrade --local=/home/admin/xDoctor4ECS-4.8-79.1.noarch.rpm

範例: 
admin@node1:~> sudo xdoctor --upgrade --local=/home/admin/xDoctor4ECS-4.8-79.1.noarch.rpm 2021-12-20 12:06:11,358: xDoctor_4.8-78.2 - INFO : xDoctor Upgrader Instance (2:FTP_SFTP) 2021-12-20 12:06:11,358: xDoctor_4.8-78.2 - INFO : Local Upgrade (/home/admin/xDoctor4ECS-4.8-79.1.noarch.rpm) 2021-12-20 12:06:11,392: xDoctor_4.8-78.2 - INFO : Current Installed xDoctor version is 4.8-78.2 2021-12-20 12:06:11,429: xDoctor_4.8-78.2 - INFO : Requested package version is 4.8-79.1 2021-12-20 12:06:11,430: xDoctor_4.8-78.2 - INFO : Updating xDoctor RPM Package (RPM) 2021-12-20 12:06:11,482: xDoctor_4.8-78.2 - INFO : - Distribute package 2021-12-20 12:06:12,099: xDoctor_4.8-78.2 - INFO : - Install new rpm package 2021-12-20 12:06:37,829: xDoctor_4.8-78.2 - INFO : xDoctor successfully updated to version 4.8-79.1
  1. 如果環境是多機架 VDC,則必須在每個機架的第一個節點上安裝新的 xDoctor 套件。若要識別這些機架主體,請執行下列命令。在此例項中,有四個機架,因此會醒目提示四個機架主體
  1. 命令:
    # svc_exec -m "ip address show private.4 |grep -w inet"

    範例:
admin@ecsnode1~> svc_exec -m "ip address show private.4 |grep -w inet" svc_exec v1.0.2 (svc_tools v2.1.0) Started 2021-12-20 14:03:33 Output from node: r1n1 retval: 0 inet 169.254.1.1/16 brd 169.254.255.255 scope global private.4 Output from node: r2n1 retval: 0 inet 169.254.2.1/16 brd 169.254.255.255 scope global private.4 Output from node: r3n1 retval: 0 inet 169.254.3.1/16 brd 169.254.255.255 scope global private.4 Output from node: r4n1 retval: 0 inet 169.254.4.1/16 brd 169.254.255.255 scope global private.4
  1. 將套件從系統的第一個節點 (R1N1) 複製到下列其他機架主體:
範例: 
admin@ecsnode1~> scp xDoctor4ECS-4.8-79.1.noarch.rpm 169.254.2.1:/home/admin/ xDoctor4ECS-4.8-79.1.noarch.rpm 100% 32MB 31.9MB/s 00:00 admin@ecsnode1~> scp xDoctor4ECS-4.8-79.1.noarch.rpm 169.254.3.1:/home/admin/ xDoctor4ECS-4.8-79.1.noarch.rpm 100% 32MB 31.9MB/s 00:00 admin@ecsnode1~> scp xDoctor4ECS-4.8-79.1.noarch.rpm 169.254.4.1:/home/admin/ xDoctor4ECS-4.8-79.1.noarch.rpm 100% 32MB 31.9MB/s 00:00 admin@ecsnode1~>
  1. 根據上述步驟 e,在先前識別的上述每個機架主體上執行相同的 xDoctor 安裝命令。 
命令:
# sudo xdoctor --upgrade --local=/home/admin/xDoctor4ECS-4.8-79.1.noarch.rpm
 

  1. 執行前置檢查

    1. 使用 svc_dt 命令檢查 DT 是否穩定。如果「Unready #」欄顯示 0,則 DT 會保持穩定。如果是,請前往下一個步驟。如果否,請等待 15 分鐘,然後再次檢查。如果 DT 尚未穩定下來,請向 ECS 支援小組開立服務要求。
命令:
# svc_dt check -b
 
範例: 
admin@node1:~> svc_dt check -b svc_dt v1.0.25 (svc_tools v2.0.2) Started 2021-12-16 16:44:51 Date Total DT Unknown # Unready # RIS Fail # Dump Fail # Check type Time since check Check successful 2021-12-16 16:43:44 2432 0 0 0 0 AutoCheck 1m 7s True 2021-12-16 16:42:33 2432 0 0 0 0 AutoCheck 2m 18s True 2021-12-16 16:41:23 2432 0 0 0 0 AutoCheck 3m 28s True 2021-12-16 16:40:13 2432 0 0 0 0 AutoCheck 4m 38s True 2021-12-16 16:39:02 2432 0 0 0 0 AutoCheck 5m 49s True 2021-12-16 16:37:52 2432 0 0 0 0 AutoCheck 6m 59s True 2021-12-16 16:36:42 2432 0 0 0 0 AutoCheck 8m 9s True 2021-12-16 16:35:31 2432 0 0 0 0 AutoCheck 9m 20s True 2021-12-16 16:34:21 2432 0 0 0 0 AutoCheck 10m 30s True 2021-12-16 16:33:11 2432 0 0 0 0 AutoCheck 11m 40s True
  1. 使用 svc_patch 命令驗證所有節點是否處於線上狀態。如果是,請前往下一個步驟。如果否,請調查原因,使它重新連線,然後再次執行檢查。如果無法將節點連線,請向 ECS 支援小組開立服務要求以進行調查。
命令:
# /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status

範例: 
admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online DONE Checking Installed Patches and Dependencies DONE Patches/releases currently installed: [ None detected ] Patches that need to be installed: CVE-2021-44228_log4j-fix_3.3.x-3.6.2 (PatchID: 3298) Files that need to be installed: /opt/storageos/lib/log4j-core-2.5.jar (from CVE-2021-44228_log4j-fix_3.3.x-3.6.2) The following services need to be restarted: ALL

  1. 使用 xDoctor 隨附的 svc_patch 工具套用系統修補程式。

    1. 執行 svc_patch 命令,輸入「y」,然後在系統提示您安裝修補程式時按下「Enter」鍵。此命令可在任何 ECS 節點上執行。 

命令:
# screen -S patchinstall
# unset TMOUT
# /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch install

範例:

注意:以下輸出中有一個要繼續進行的提示。

admin@node1:~>screen -S patchinstall admin@node1:~> unset TMOUT admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch install svc_patch Version 2.9.1 Verifying patch bundle consistency                    DONE Detecting nodes in current VDC                        DONE Reading in patch details (1 of 2)                     DONE Reading in patch details (2 of 2)                     DONE Validating nodes are online                           DONE Checking Installed Patches and Dependencies           DONE Patches/releases currently installed:         [ None detected ] Patches that will be installed:         CVE-2021-44228_log4j-fix_3.3.x-3.6.2                    (PatchID: 3298) Files that will be installed:         /opt/storageos/lib/log4j-core-2.5.jar                   (from CVE-2021-44228_log4j-fix_3.3.x-3.6.2) The following services will be restarted:         ALL Patch Type:                                                     Standalone Number of nodes:                                                8 Number of seconds to wait between restarting node services:     450 Check DT status between node service restarts:                  true Do you wish to continue (y/n)?y [...Truncated Output of each node Distributing files and restarting services...] Distributing files to node 1xx.xxx.xx.xx Distributing patch installer to node '1xx.xxx.xx.xx' Restarting services on 1xx.xxx.xx.xx Restarting all services Waiting 180 seconds for services to stabilize... [...Truncated Output of each node Distributing files and restarting services...] Stopping ViPR services..done Services status 3: stat georeceiver eventsvc blobsvc dataheadsvc blobsvc-perf blobsvc-fi resourcesvc resourcesvc-perf resourcesvc-fi rm cm ssm objcontrolsvc metering sr storageserver nvmeengine nvmetargetviewer dtquery dtsm vnest coordinatorsvc ecsportalsvc transformsvc Setting up SSL certificates ...done Starting ViPR services..done Waiting 300 seconds for services to stabilize...DONE Patching complete. admin@node1:~>
  1. 根據上述輸出完成修補時,結束工作階段畫面。
範例: 
admin@node1:/> exit logout [screen is terminating] admin@node1:/>
注意: 
如果您在執行進行中時意外關閉 PuTTY 工作階段,您可以登入同一個節點並執行以下命令來重新連接:
 

命令:
# screen -ls 
admin@node 1:~> screen -ls There is a screen on: 114475.pts-0.ecs-n3 (Detached) 1 Socket in /var/run/uscreens/S-admin.
重新連接至自先前輸出中分離的工作階段 
admin@node1:~> screen -r 114475.pts-0.ecs-n3

  1. 確認已套用修正程式。

    1. 以下輸出來自已套用修正的系統。

命令:

# /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status

範例: 
admin@node1:/> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online DONE Checking Installed Patches and Dependencies DONE Patches/releases currently installed: CVE-2021-44228_log4j-fix_3.3.x-3.6.2 (PatchID: 3298) Fixes for Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 Patches that need to be installed: No files need to be installed. The following services need to be restarted: No services need to be restarted.
  1. 以下輸出來自尚未套用修正的系統。
範例:  
admin@node1:/> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online DONE Checking Installed Patches and Dependencies DONE Patches/releases currently installed: [ None detected ] Patches that need to be installed: CVE-2021-44228_log4j-fix_3.3.x-3.6.2 (PatchID: 3298) Files that need to be installed: /opt/storageos/lib/log4j-core-2.5.jar (from CVE-2021-44228_log4j-fix_3.3.x-3.6.2) The following services need to be restarted: ALL


 

故障診斷:

  1. DT 穩定時間過長
  1. 如果 DT 穩定花費的時間超過預設的 7.5 分鐘,svc_patch 應用程式會提示您繼續或中止修補程序。
範例: 
admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch install [...Truncated Output of each node Distributing files and restarting services...] Restarting services on 1xx.xx.xx.xx Restarting all services Waiting 180 seconds for services to stabilize...DONE Waiting for DTs to come online ERROR: DT Check failed. DTs did not come ready or could not be checked after several passes. Do you wish to continue anyway (y/n)?
  1. 在另一個節點上開啟 PuTTY 工作階段,然後執行 svc_dt 命令,以檢查在「Unready #」欄中的 DT。如果沒有「0」值,請等待 15 分鐘,然後再次執行檢查。沒有未就緒 DT 時,請使用 svc_patch 返回工作階段。回答「是」並繼續。如果 svc_dt 繼續在「Unready #」DT 中列出值,請向 ECS 支援小組開立服務要求。
命令:
# svc_dt check -b
範例:  
admin@node1:~> svc_dt check -b svc_dt v1.0.25 (svc_tools v2.0.2)                 Started 2021-12-15 17:18:52 Date                     Total DT       Unknown #      Unready #      RIS Fail #     Dump Fail #    Check type     Time since check   Check successful 2021-12-15 17:17:54      1920           0              0              0              0              AutoCheck      0m 58s             True 2021-12-15 17:16:44      1920           0              0              0              0              AutoCheck      2m 8s              True 2021-12-15 17:16:10      1920           0              0              0              0              Manual Check   2m 42s             True 2021-12-15 17:15:34      1920           0              0              0              0              AutoCheck      3m 18s             True 2021-12-15 17:14:24      1920           0              0              0              0              AutoCheck      4m 28s             True 2021-12-15 17:13:13      1920           0              0              0              0              AutoCheck      5m 39s             True 2021-12-15 17:12:03      1920           0              0              0              0              AutoCheck      6m 49s             True 2021-12-15 17:10:53      1920           0              0              0              0              AutoCheck      7m 59s             True 2021-12-15 17:09:43      1920           0              0              0              0              AutoCheck      9m 9s              True 2021-12-15 17:08:32      1920           0              0              0              0              AutoCheck      10m 20s            True
 
  1. 所有節點上的所有服務均未重新開機,因為未在畫面中執行,PuTTY 工作階段會提前結束。
範例如下:  重新登入後,服務會在 6 個節點的 4 個節點上重新開機。請參閱以下反白顯示的節點 5 和 6。 
admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online DONE Checking Installed Patches and Dependencies DONE All nodes currently do not have the same patches installed. Patches/releases currently installed: 169.254.1.1: CVE-2021-44228_45046_log4j-fix 169.254.1.2: CVE-2021-44228_45046_log4j-fix 169.254.1.3: CVE-2021-44228_45046_log4j-fix 169.254.1.4: CVE-2021-44228_45046_log4j-fix 169.254.1.5: CVE-2021-44228_45046_log4j-fix 169.254.1.6: CVE-2021-44228_45046_log4j-fix Patches that need to be installed: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5:  169.254.1.6:  Files that need to be installed: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5:  169.254.1.6:  Services that need to be restarted: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5: ALL 169.254.1.6: ALL admin@ecsnode1:~>
解決方案:再次執行程序,原本遺失的剩餘節點會將其服務重新開機。其中的服務已重新開機的原始節點未受影響。 
admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch install svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online DONE Checking Installed Patches and Dependencies DONE All nodes currently do not have the same patches installed. Patches/releases currently installed: 169.254.1.1: CVE-2021-44228_45046_log4j-fix 169.254.1.2: CVE-2021-44228_45046_log4j-fix 169.254.1.3: CVE-2021-44228_45046_log4j-fix 169.254.1.4: CVE-2021-44228_45046_log4j-fix 169.254.1.5: CVE-2021-44228_45046_log4j-fix 169.254.1.6: CVE-2021-44228_45046_log4j-fix Patches that will be installed: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5:  169.254.1.6:  Files that will be installed: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5:  169.254.1.6:  Services that will be restarted: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5: ALL 169.254.1.6: ALL Patch Type: Standalone Number of nodes: 8 Number of seconds to wait between restarting node services: 450 Check DT status between node service restarts: true Do you wish to continue (y/n)?y No files to install on 169.254.1.1 Distributing patch installer to node '169.254.1.1' No files to install on 169.254.1.2 Distributing patch installer to node '169.254.1.2' No files to install on 169.254.1.3 Distributing patch installer to node '169.254.1.3' No files to install on 169.254.1.4 Distributing patch installer to node '169.254.1.4' No files to install on 169.254.1.5 Distributing patch installer to node '169.254.1.5' No files to install on 169.254.1.6 Distributing patch installer to node '169.254.1.6' No services to restart on 169.254.1.1 No services to restart on 169.254.1.2 No services to restart on 169.254.1.3 No services to restart on 169.254.1.4 Restarting services on 169.254.1.5 Restarting all services Waiting 450 seconds for services to stabilize...DONE Waiting for DTs to come online Restarting services on 169.254.1.6 Restarting all services Waiting 450 seconds for services to stabilize...DONE Waiting for DTs to come online Patching complete. admin@ecsnode1:~>
  1. 套用修補程式時無法將主機新增至已知主機的清單。
範例:  
svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online FAILED ERROR: Could not execute commands on the object-main container on 169.254.x.x Output was 'Failed to add the host to the list of known hosts (/home/admin/.ssh/known_hosts). :patchtest:' Patching is unable to continue with unreachable nodes. To proceed: - Resolve problems accessing node(s) from this one. - Manually pass a MACHINES file containing the list of working nodes to patch (not recommended). - Contact your next level of support for other options or assistance.
 

解決方案:
原因可能是檔案 /home/admin/.ssh/known_hosts 的使用者是 root,預設為系統管理員。

範例:  
admin@node1:~> ls -l /home/admin/.ssh/known_hosts -rw------- 1 root root 1802 Jul 23 2019 /home/admin/.ssh/known_hosts admin@ecs:~>
 
若要從其他 PuTTY 工作階段中修正問題,請登入報告的節點,然後在使用者所在節點上為根使用者時,使用以下命令在所有報告的節點上將其變更為管理員:
 

命令:
#  sudo chown admin:users /home/admin/.ssh/known_hosts
 
範例: 
admin@node1:~> sudo chown admin:users /home/admin/.ssh/known_hosts
 
現在再重新執行 svc_patch 命令,則應該會通過 
admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch install
  1. 由於 /home/admin/.ssh/known_hosts 中的主機金鑰不正確,因此無法在 169.254.x.x 的物件主容器上執行命令。
範例: 
svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online FAILED ERROR: Could not execute commands on the object-main container on 169.254.x.x Output was '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:RcwOsFj7zPA5p5kSeYovF4UlZTm125nLVeCL1zCqOzc. Please contact your system administrator. Add correct host key in /home/admin/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/admin/.ssh/known_hosts:14 You can use following command to remove the offending key: ssh-keygen -R 169.254.x.x -f /home/admin/.ssh/known_hosts Password authentication is disabled to avoid man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. :patchtest:' Patching is unable to continue with unreachable nodes. To proceed: - Resolve problems accessing node(s) from this one. - Manually pass a MACHINES file containing the list of working nodes to patch (not recommended). - Contact your next level of support for other options or assistance.
 
解決方案:
 
請聯絡 ECS 支援以取得解決方案。

Affected Products

Elastic Cloud Storage

Products

ECS, ECS Appliance