Table of Contents
If you have multiple separate stacks with Sonassi, you will find that connecting to different stacks and accessing SSH is going to trigger a warning,
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
This is caused by the fact all MageStack stacks use the same internal hostnames and IP addresses. So regardless of the stack you've connected to, the access server is always going to be available at
acc.magestack.com (causing a
There are a number of ways this can be overcome, there is no "best" solution, so evaluate which suits your needs best.
The simplest way to address this is to create separate HOSTS entries for each stack you are connecting to, and map them to the same IP,
Then in your SSH/SCP/SFTP connection, just set the hostname as the respective name you've defined above.
Security policies on Linux are a little stricter, so a HOSTS override won't work, so the techniques required are a little more advanced. Here are a few possible solutions, listed in order of best to worst.
Disable host checking for your user
Create a new file,
~/.ssh/config and define the following,
Disable host checking for all users
/etc/ssh/ssh_config, define the following,
Scan hosts on connect
In your OpenVPN configuration file (usually
/etc/openvpn/dhX.cX.sonassihosting.com.conf), add the following two arguments,
/usr/local/bin/rescan-acc.sh with the following contents, edit
_HOME as necessary
# Change _HOME to suit your own home directory
# Wait for routes to come up
while ! route -n | grep -q 172.16.0.0; do
[ $_MAX_RETRIES -eq 0 ] && exit 1
_MAX_RETRIES=$(( _MAX_RETRIES - 1 ))
ssh-keygen -R acc.magestack.com
ssh-keygen -R 172.16.0.61
ssh-keyscan -H acc.magestack.com >> $_HOME/.ssh/known_hosts
ssh-keyscan -t ecdsa -H acc.magestack.com >> $_HOME/.ssh/known_hosts
) >/dev/null 2>&1 &
Finally make the script executable,
chmod +x /usr/local/bin/rescan-acc.sh
This script will be executed when the VPN connects, but prior to the routes being brought up. So it backgrounds itself and waits for the routes to become available. As soon as they are, it clears the old known host - and scans/updates it.