Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Baskets

ECS:ECS 对 Apache Log4j 远程代码执行漏洞的解决方案

Summary: Apache Log4j 安全漏洞。

This article applies to   This article does not apply to 
Check out resources for

Symptoms

CVE 标识符 CVE-2021-44228
CVE 标识符 CVE_2021-45046

Apache 出版物:Apache Log4j 远程代码执行(英文版) 

Cause

Apache Log4j 安全漏洞。

Resolution

谁应该运行此过程?

戴尔要求客户执行这个升级 xdoctor 和安装修补程序的过程。这是最快和最安全的方法,因为它可避免长时间暴露于此 Apache 漏洞。本知识库文章详细介绍了所有步骤。此外,此知识库文章还随附提供视频指南(位于以下链接中),您可以按照此指南的说明操作

视频: Apache-Log4j
 

该过程的影响:

重新启动服务时可能会出现 I/O 超时。访问群集的应用程序必须能够处理 I/O 超时。执行此过程时,建议在维护窗口进行。
 

活动所需的时间(大概数值):

在服务重新启动之间,默认情况下每个节点设置大约 7 分钟的延迟。虚拟数据中心 (VDC) 中的节点数量乘以 7 分钟 + 准备、DT 稳定和后期检查所需的 60 分钟。
 
示例:
48 节点的 VDC 系统可能需要大约 6.5 小时:
7.5 分钟 X 48(VDC 节点数)+ 30 分钟(准备)= 6.5 小时或 390 分钟。

8 节点的 VDC 系统可能需要大约 1.5 小时:
7.5 分钟 X 8(VDC 节点数)+ 30 分钟(准备)= 1.5 小时或 90 分钟。


常见问题 (FAQ):

问:修补程序是 xdoctor 版本的一部分吗?
答:修补程序安装脚本是 xdoctor 版本 4.8-79.1 及更高版本的一部分。下载 xdoctor 和执行修补程序安装的说明位于解决方案步骤中。

问:是否可以并行更新多个 VDC?
答:否,一次在 1 个 VDC 上应用修补程序。

问:是否可以在运行代码版本 3.2.x 或更低版本的 ECS 上应用此修补程序?
答:否,此修补程序仅适用于 ECS 版本 3.3.x - 3.6.x。提出服务请求以便为较早版本安排升级。

问:如果在运行此过程后升级 ECS,那么是否需要在升级后重新运行此过程?
答:否(如果升级到 DSA-2021-273 中指定的具有永久修复的代码版本)。(如果升级到此相同 DSA 中指定的代码版本)。

问:在更换节点、重新映像或扩展之后,是否需要在之前安装修补程序的系统上重新应用该修补程序?
答:否(如果 VDC 运行的是 DSA-2021-273 中指定的代码版本)。(如果针对运行此相同 DSA 中指定的代码版本的 VDC 执行任何这些操作)。如果这些情况需要修补程序,则相关戴尔工程师将联系您,以告知需要更新

问:您应该以什么用户身份登录才能执行此知识库文章中的所有命令?
答:管理员

问:svc_patch 是否必须在所有机架上运行或是否必须与专用机器文件一起运行(在 VDC 中有多个机架的情况下)?
答:否(它会自动检测是否存在多个机架,并且在该 VDC 全部机架的所有节点上应用修补程序)。

问:我注意到目标 xdoctor 版本现在是 4.8-79.1(而不是 4.8-79.0)。为什么?
答:xDoctor 发布频繁,因此我们始终建议升级到最高发布版本。然而,如果您先前在使用版本 4.8-79.0 时已运行 apache 修复,那么系统会得到全面保护,免受漏洞影响,并且无需重新运行。


解决方案摘要:

  1. 将 ECS xDoctor 软件升级到版本 4.8.-79.1 或更高版本。
  2. 运行预检查。
  3. 使用 xDoctor 附带的 svc_patch 工具应用系统修补程序。
  4. 确认修复已应用。
  5. 故障排除。


解决方案步骤:

  1. 将 ECS xDoctor 软件升级到可用的最新版本。

  1. 检查系统上运行的 xDoctor 版本。如果该版本为 4.8-79.1 或更高版本,请转至步骤 2“运行预检查”。如果不是,请继续执行以下步骤。
命令:
# sudo xdoctor --version
 
示例: 
admin@node1:~> sudo xdoctor --version 4.8-79.1
  1. 登录到支持站点,直接连接到此下载链接,使用关键字搜索栏搜索 xDoctor,然后单击 xDoctor RPM 链接,以下载 xDoctor rpm。如果您想要查看发行说明,请按照发行说明进行操作,在侧边栏中选择手册和文档(它们应该可从侧边栏下载)。

  2. 下载 RPM 后,使用任何远程 SCP 程序,将文件上传到第一个 ECS 节点上的 /home/admin 目录。

  3. 上传完成后,以管理员身份通过 SSH 登录到 ECS 系统的第一个节点。
  4. 使用新分发的版本在所有节点上升级 xDoctor。
命令:
# sudo xdoctor --upgrade --local=/home/admin/xDoctor4ECS-4.8-79.1.noarch.rpm

示例: 
admin@node1:~> sudo xdoctor --upgrade --local=/home/admin/xDoctor4ECS-4.8-79.1.noarch.rpm 2021-12-20 12:06:11,358: xDoctor_4.8-78.2 - INFO : xDoctor Upgrader Instance (2:FTP_SFTP) 2021-12-20 12:06:11,358: xDoctor_4.8-78.2 - INFO : Local Upgrade (/home/admin/xDoctor4ECS-4.8-79.1.noarch.rpm) 2021-12-20 12:06:11,392: xDoctor_4.8-78.2 - INFO : Current Installed xDoctor version is 4.8-78.2 2021-12-20 12:06:11,429: xDoctor_4.8-78.2 - INFO : Requested package version is 4.8-79.1 2021-12-20 12:06:11,430: xDoctor_4.8-78.2 - INFO : Updating xDoctor RPM Package (RPM) 2021-12-20 12:06:11,482: xDoctor_4.8-78.2 - INFO : - Distribute package 2021-12-20 12:06:12,099: xDoctor_4.8-78.2 - INFO : - Install new rpm package 2021-12-20 12:06:37,829: xDoctor_4.8-78.2 - INFO : xDoctor successfully updated to version 4.8-79.1
  1. 如果环境是多机架 VDC,则您必须在每个机架的第一个节点上安装新的 xDoctor 软件包。要确定这些机架主节点,请运行以下命令。在此实例中,有四个机架,因此突出显示了四个机架主节点
  1. 命令:
    # svc_exec -m "ip address show private.4 |grep -w inet”

    示例:
admin@ecsnode1~> svc_exec -m "ip address show private.4 |grep -w inet" svc_exec v1.0.2 (svc_tools v2.1.0) Started 2021-12-20 14:03:33 Output from node: r1n1 retval: 0 inet 169.254.1.1/16 brd 169.254.255.255 scope global private.4 Output from node: r2n1 retval: 0 inet 169.254.2.1/16 brd 169.254.255.255 scope global private.4 Output from node: r3n1 retval: 0 inet 169.254.3.1/16 brd 169.254.255.255 scope global private.4 Output from node: r4n1 retval: 0 inet 169.254.4.1/16 brd 169.254.255.255 scope global private.4
  1. 根据以下方面,将软件包从系统的第一个节点 (R1N1) 复制到其他机架主节点:
示例: 
admin@ecsnode1~> scp xDoctor4ECS-4.8-79.1.noarch.rpm 169.254.2.1:/home/admin/ xDoctor4ECS-4.8-79.1.noarch.rpm 100% 32MB 31.9MB/s 00:00 admin@ecsnode1~> scp xDoctor4ECS-4.8-79.1.noarch.rpm 169.254.3.1:/home/admin/ xDoctor4ECS-4.8-79.1.noarch.rpm 100% 32MB 31.9MB/s 00:00 admin@ecsnode1~> scp xDoctor4ECS-4.8-79.1.noarch.rpm 169.254.4.1:/home/admin/ xDoctor4ECS-4.8-79.1.noarch.rpm 100% 32MB 31.9MB/s 00:00 admin@ecsnode1~>
  1. 按照上述步骤 e,在前面确定的上述每个机架主节点上运行相同的 xDoctor 安装命令。 
命令:
# sudo xdoctor --upgrade --local=/home/admin/xDoctor4ECS-4.8-79.1.noarch.rpm
 

  1. 运行预检查

    1. 使用 svc_dt 命令检查 DT 是否稳定。如果“Unready #”列显示 0,则 DT 是稳定的。如果是,请转至下一个检查。如果不是,请等待 15 分钟,然后再次检查。如果 DT 尚未稳定,请向 ECS 支持团队提出服务请求。
命令:
# svc_dt check -b
 
示例: 
admin@node1:~> svc_dt check -b svc_dt v1.0.25 (svc_tools v2.0.2) Started 2021-12-16 16:44:51 Date Total DT Unknown # Unready # RIS Fail # Dump Fail # Check type Time since check Check successful 2021-12-16 16:43:44 2432 0 0 0 0 AutoCheck 1m 7s True 2021-12-16 16:42:33 2432 0 0 0 0 AutoCheck 2m 18s True 2021-12-16 16:41:23 2432 0 0 0 0 AutoCheck 3m 28s True 2021-12-16 16:40:13 2432 0 0 0 0 AutoCheck 4m 38s True 2021-12-16 16:39:02 2432 0 0 0 0 AutoCheck 5m 49s True 2021-12-16 16:37:52 2432 0 0 0 0 AutoCheck 6m 59s True 2021-12-16 16:36:42 2432 0 0 0 0 AutoCheck 8m 9s True 2021-12-16 16:35:31 2432 0 0 0 0 AutoCheck 9m 20s True 2021-12-16 16:34:21 2432 0 0 0 0 AutoCheck 10m 30s True 2021-12-16 16:33:11 2432 0 0 0 0 AutoCheck 11m 40s True
  1. 使用 svc_patch 命令验证所有节点是否处于联机状态。如果是,请转至下一步。如果否,请调查原因,使其重新联机,然后再次运行检查。如果某个节点无法进入联机状态,请向 ECS 支持团队提出服务请求以进行调查。
命令:
# /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status

示例: 
admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online DONE Checking Installed Patches and Dependencies DONE Patches/releases currently installed: [ None detected ] Patches that need to be installed: CVE-2021-44228_log4j-fix_3.3.x-3.6.2 (PatchID: 3298) Files that need to be installed: /opt/storageos/lib/log4j-core-2.5.jar (from CVE-2021-44228_log4j-fix_3.3.x-3.6.2) The following services need to be restarted: ALL

  1. 使用 xDoctor 附带的 svc_patch 工具应用系统修补程序。

    1. 运行 svc_patch 命令,在出现修补程序安装提示时键入“y”并按“Enter”键。该命令可以在任何 ECS 节点上运行。 

命令:
# screen -S patchinstall
# unset TMOUT
# /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch install

示例:

提醒:下面的输出中会有继续操作的提示。

admin@node1:~>screen -S patchinstall admin@node1:~> unset TMOUT admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch install svc_patch Version 2.9.1 Verifying patch bundle consistency                    DONE Detecting nodes in current VDC                        DONE Reading in patch details (1 of 2)                     DONE Reading in patch details (2 of 2)                     DONE Validating nodes are online                           DONE Checking Installed Patches and Dependencies           DONE Patches/releases currently installed:         [ None detected ] Patches that will be installed:         CVE-2021-44228_log4j-fix_3.3.x-3.6.2                    (PatchID: 3298) Files that will be installed:         /opt/storageos/lib/log4j-core-2.5.jar                   (from CVE-2021-44228_log4j-fix_3.3.x-3.6.2) The following services will be restarted:         ALL Patch Type:                                                     Standalone Number of nodes:                                                8 Number of seconds to wait between restarting node services:     450 Check DT status between node service restarts:                  true Do you wish to continue (y/n)?y [...Truncated Output of each node Distributing files and restarting services...] Distributing files to node 1xx.xxx.xx.xx Distributing patch installer to node '1xx.xxx.xx.xx' Restarting services on 1xx.xxx.xx.xx Restarting all services Waiting 180 seconds for services to stabilize... [...Truncated Output of each node Distributing files and restarting services...] Stopping ViPR services..done Services status 3: stat georeceiver eventsvc blobsvc dataheadsvc blobsvc-perf blobsvc-fi resourcesvc resourcesvc-perf resourcesvc-fi rm cm ssm objcontrolsvc metering sr storageserver nvmeengine nvmetargetviewer dtquery dtsm vnest coordinatorsvc ecsportalsvc transformsvc Setting up SSL certificates ...done Starting ViPR services..done Waiting 300 seconds for services to stabilize...DONE Patching complete. admin@node1:~>
  1. 根据上述输出完成修补后,退出会话屏幕。
示例: 
admin@node1:/> exit logout [screen is terminating] admin@node1:/>
提醒: 
如果在执行过程中意外关闭 PuTTY 会话,您可以通过重新登录到同一节点并运行以下命令来重新连接:
 

命令:
# screen -ls 
admin@node 1:~> screen -ls There is a screen on: 114475.pts-0.ecs-n3 (Detached) 1 Socket in /var/run/uscreens/S-admin.
从先前的输出重新连接到已断开的会话 
admin@node1:~> screen -r 114475.pts-0.ecs-n3

  1. 确认修复已应用。

    1. 下面的输出来自已应用修复的系统。

命令:

# /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status

示例: 
admin@node1:/> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online DONE Checking Installed Patches and Dependencies DONE Patches/releases currently installed: CVE-2021-44228_log4j-fix_3.3.x-3.6.2 (PatchID: 3298) Fixes for Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 Patches that need to be installed: No files need to be installed. The following services need to be restarted: No services need to be restarted.
  1. 下面的输出来自未应用修复的系统。
示例:  
admin@node1:/> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online DONE Checking Installed Patches and Dependencies DONE Patches/releases currently installed: [ None detected ] Patches that need to be installed: CVE-2021-44228_log4j-fix_3.3.x-3.6.2 (PatchID: 3298) Files that need to be installed: /opt/storageos/lib/log4j-core-2.5.jar (from CVE-2021-44228_log4j-fix_3.3.x-3.6.2) The following services need to be restarted: ALL


 

故障处理:

  1. DT 稳定用时太长
  1. 如果 DT 稳定所用时间超过默认的 7.5 分钟,则 svc_patch 应用程序会提示继续或停止修补过程。
示例: 
admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch install [...Truncated Output of each node Distributing files and restarting services...] Restarting services on 1xx.xx.xx.xx Restarting all services Waiting 180 seconds for services to stabilize...DONE Waiting for DTs to come online ERROR: DT Check failed. DTs did not come ready or could not be checked after several passes. Do you wish to continue anyway (y/n)?
  1. 在另一个节点上打开 PuTTY 会话,并运行 svc_dt 命令以检查“Unready #”列中的 DT。如果没有“0”值,请等待 15 分钟,然后再次运行检查。当没有未就绪的 DT 时,返回到 svc_patch 的会话。回答“y”,然后继续。如果 svc_dt 继续在“Unready #”列中列出 DT 数值,请向 ECS 支持团队提出服务请求。
命令:
# svc_dt check -b
示例:  
admin@node1:~> svc_dt check -b svc_dt v1.0.25 (svc_tools v2.0.2)                 Started 2021-12-15 17:18:52 Date                     Total DT       Unknown #      Unready #      RIS Fail #     Dump Fail #    Check type     Time since check   Check successful 2021-12-15 17:17:54      1920           0              0              0              0              AutoCheck      0m 58s             True 2021-12-15 17:16:44      1920           0              0              0              0              AutoCheck      2m 8s              True 2021-12-15 17:16:10      1920           0              0              0              0              Manual Check   2m 42s             True 2021-12-15 17:15:34      1920           0              0              0              0              AutoCheck      3m 18s             True 2021-12-15 17:14:24      1920           0              0              0              0              AutoCheck      4m 28s             True 2021-12-15 17:13:13      1920           0              0              0              0              AutoCheck      5m 39s             True 2021-12-15 17:12:03      1920           0              0              0              0              AutoCheck      6m 49s             True 2021-12-15 17:10:53      1920           0              0              0              0              AutoCheck      7m 59s             True 2021-12-15 17:09:43      1920           0              0              0              0              AutoCheck      9m 9s              True 2021-12-15 17:08:32      1920           0              0              0              0              AutoCheck      10m 20s            True
 
  1. 未在所有节点上重新启动所有服务,因为没有在屏幕中执行,并且 PuTTY 会话过早结束。
下面的示例:  重新登录后,6 个节点中有 4 个节点上的服务重新启动。请查看下面突出显示的节点 5 和 6。 
admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch status svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online DONE Checking Installed Patches and Dependencies DONE All nodes currently do not have the same patches installed. Patches/releases currently installed: 169.254.1.1: CVE-2021-44228_45046_log4j-fix 169.254.1.2: CVE-2021-44228_45046_log4j-fix 169.254.1.3: CVE-2021-44228_45046_log4j-fix 169.254.1.4: CVE-2021-44228_45046_log4j-fix 169.254.1.5: CVE-2021-44228_45046_log4j-fix 169.254.1.6: CVE-2021-44228_45046_log4j-fix Patches that need to be installed: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5:  169.254.1.6:  Files that need to be installed: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5:  169.254.1.6:  Services that need to be restarted: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5: ALL 169.254.1.6: ALL admin@ecsnode1:~>
解决方案:再次运行该过程,最初错过的其余节点会重新启动其服务。服务已重新启动的原始节点未受影响。 
admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch install svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online DONE Checking Installed Patches and Dependencies DONE All nodes currently do not have the same patches installed. Patches/releases currently installed: 169.254.1.1: CVE-2021-44228_45046_log4j-fix 169.254.1.2: CVE-2021-44228_45046_log4j-fix 169.254.1.3: CVE-2021-44228_45046_log4j-fix 169.254.1.4: CVE-2021-44228_45046_log4j-fix 169.254.1.5: CVE-2021-44228_45046_log4j-fix 169.254.1.6: CVE-2021-44228_45046_log4j-fix Patches that will be installed: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5:  169.254.1.6:  Files that will be installed: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5:  169.254.1.6:  Services that will be restarted: 169.254.1.1:  169.254.1.2:  169.254.1.3:  169.254.1.4:  169.254.1.5: ALL 169.254.1.6: ALL Patch Type: Standalone Number of nodes: 8 Number of seconds to wait between restarting node services: 450 Check DT status between node service restarts: true Do you wish to continue (y/n)?y No files to install on 169.254.1.1 Distributing patch installer to node '169.254.1.1' No files to install on 169.254.1.2 Distributing patch installer to node '169.254.1.2' No files to install on 169.254.1.3 Distributing patch installer to node '169.254.1.3' No files to install on 169.254.1.4 Distributing patch installer to node '169.254.1.4' No files to install on 169.254.1.5 Distributing patch installer to node '169.254.1.5' No files to install on 169.254.1.6 Distributing patch installer to node '169.254.1.6' No services to restart on 169.254.1.1 No services to restart on 169.254.1.2 No services to restart on 169.254.1.3 No services to restart on 169.254.1.4 Restarting services on 169.254.1.5 Restarting all services Waiting 450 seconds for services to stabilize...DONE Waiting for DTs to come online Restarting services on 169.254.1.6 Restarting all services Waiting 450 seconds for services to stabilize...DONE Waiting for DTs to come online Patching complete. admin@ecsnode1:~>
  1. 应用修补程序时无法将主机添加到已知主机列表。
示例:  
svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online FAILED ERROR: Could not execute commands on the object-main container on 169.254.x.x Output was 'Failed to add the host to the list of known hosts (/home/admin/.ssh/known_hosts). :patchtest:' Patching is unable to continue with unreachable nodes. To proceed: - Resolve problems accessing node(s) from this one. - Manually pass a MACHINES file containing the list of working nodes to patch (not recommended). - Contact your next level of support for other options or assistance.
 

解决方案:
原因可能是:文件 /home/admin/.ssh/known_hosts 的用户为 root 用户,而默认情况下这应该是管理员。

示例:  
admin@node1:~> ls -l /home/admin/.ssh/known_hosts -rw------- 1 root root 1802 Jul 23 2019 /home/admin/.ssh/known_hosts admin@ecs:~>
 
要解决另一个 PuTTY 会话中的问题,请登录到报告的一个或多个节点,并在所有报告的节点上使用以下命令,将节点上呈现为 root 用户的用户更改为管理员:
 

命令:
#  sudo chown admin:users /home/admin/.ssh/known_hosts
 
示例: 
admin@node1:~> sudo chown admin:users /home/admin/.ssh/known_hosts
 
现在,再次重新运行 svc_patch 命令,它应该会通过 
admin@node1:~> /opt/emc/xdoctor/patches/CVE-2021-44228_45046_log4j-fix/svc_patch install
  1. 由于 /home/admin/.ssh/known_hosts 中的主机密钥不正确,无法对 169.254.x.x 上的 object-main 容器执行命令。
示例: 
svc_patch Version 2.9.1 Verifying patch bundle consistency DONE Detecting nodes in current VDC DONE Reading in patch details (1 of 2) DONE Reading in patch details (2 of 2) DONE Validating nodes are online FAILED ERROR: Could not execute commands on the object-main container on 169.254.x.x Output was '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:RcwOsFj7zPA5p5kSeYovF4UlZTm125nLVeCL1zCqOzc. Please contact your system administrator. Add correct host key in /home/admin/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/admin/.ssh/known_hosts:14 You can use following command to remove the offending key: ssh-keygen -R 169.254.x.x -f /home/admin/.ssh/known_hosts Password authentication is disabled to avoid man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. :patchtest:' Patching is unable to continue with unreachable nodes. To proceed: - Resolve problems accessing node(s) from this one. - Manually pass a MACHINES file containing the list of working nodes to patch (not recommended). - Contact your next level of support for other options or assistance.
 
解决方案:
 
联系 ECS 支持人员以获得解决方案。

Affected Products

Elastic Cloud Storage

Products

ECS, ECS Appliance
Article Properties
Article Number: 000194467
Article Type: Solution
Last Modified: 13 Sept 2022
Version:  26
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.
Article Properties
Article Number: 000194467
Article Type: Solution
Last Modified: 13 Sept 2022
Version:  26
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.