Руководство По Устранению Ошибки для Cisco Cisco Content Security Management Appliance M390

Contributed by Fraidoon Sarwary and Robert Sherwin, Cisco TAC
Engineers.
Jul 16, 2015

This document describes the error "It is possible that someone is trying to hijack the encrypted connection to
the remote host," and the corrective steps to take on your Cisco Email Security Appliance (ESA) and Cisco
Security Management Appliance (SMA).

When you configure your ESA communication with your SMA, you might see this error:

Error − The host key for 172.16.6.165 appears to have changed.

It is possible that someone is trying to hijack the encrypted 

connection to the remote host. 

Please use the logconfig−>hostkeyconfig command to verify 

(and possibly update) the SSH host key for 172.16.6.165.

This can occur when an ESA is replaced and uses the same hostname and/or IP address as the original ESA.
The previously stored SSH keys used in communication and authentication between the ESA and SMA are
stored on the SMA. The SMA then sees that the ESA communication path has changed, and belives that an
unauthorized source is now in control of the IP address assocaited to the ESA.

In order to correct this, login to the CLI of the SMA, and complete these steps:

Enter the logconfig command.

1. 

Enter hostkeyconfig.

2. 

Enter delete and choose the number associated in the currently installed host key listing for the ESA
IP.

3. 

Return to the main CLI prompt and enter the commit command.

4. 

mysma.local> logconfig

Currently configured logs:

 Log Name Log Type Retrieval Interval 

 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−

 1. authentication Authentication Logs FTP Poll None 

 2. backup_logs Backup Logs FTP Poll None 

 3. cli_logs CLI Audit Logs FTP Poll None