CMS_UAF_USERS Archives

February 2016, Week 5

CMS_UAF_USERS@LISTSERV.FNAL.GOV

Subject:
From: Jesus Orduna <[log in to unmask]>
Reply To: Jesus Orduna <[log in to unmask]>
Date: Mon, 29 Feb 2016 16:56:38 +0000

Thanks Stefan,

Experts will look into that.


Jesus

> On Feb 29, 2016, at 10:23 AM, Stefan Piperov <[log in to unmask]> wrote:
> 
> 
> I just wanted to provide this feedback on the Round-Robin SSH service of CMSLPC, because I believe that there is still a problem there.
> 
> With the following SSH client configuration on a SL6 machine:
> 
> Host 131.225.* *.fnal.gov
>        GSSAPIAuthentication yes
>        GSSAPIDelegateCredentials yes
>        GSSAPITrustDNS yes
>        ForwardX11 yes
>        ForwardX11Trusted yes
> 
> 
> I clearly see two groups of login nodes (see attached lists), with two distinct SSH keys, which - when cached in ~/.ssh/known_hosts - cause only one of the two groups of login nodes to allow connections, while the other group gets rejected with the familiar error message below.
> 
> Can someone at Fermi/LPC have a look and make sure that all login nodes provide the same ssh key, please?
> 
> Cheers,
> Stefan.
> 
> 
> =========================================================================
> 
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> The RSA host key for cmslpc-sl6.fnal.gov has changed,
> and the key for the corresponding IP address 131.225.190.54
> is unknown. This could either mean that
> DNS SPOOFING is happening or the IP address for the host
> and its host key have changed at the same time.
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
> 
> 
> <CMSLPC-Roundobin.txt>
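
The check requested in the quoted message (that every node behind the round-robin alias presents the same host key) can be automated. The following is an added example, not part of the original thread or of any Fermilab tooling: it groups `ssh-keyscan -t rsa` style output lines by OpenSSH SHA256 fingerprint. The node addresses (192.0.2.x) and key blobs are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def group_by_host_key(keyscan_text, key_type="ssh-rsa"):
    """Map fingerprint -> sorted hosts, from 'host keytype base64key' lines."""
    groups = defaultdict(set)
    for line in keyscan_text.splitlines():
        fields = line.split()
        # Skip blanks, '# host:22 SSH-2.0-...' banner comments, other key types.
        if len(fields) < 3 or fields[0].startswith("#") or fields[1] != key_type:
            continue
        try:
            groups[fingerprint(fields[2])].add(fields[0])
        except ValueError:  # malformed base64 (binascii.Error is a ValueError)
            continue
    return {fp: sorted(hosts) for fp, hosts in groups.items()}


def is_consistent(groups):
    """True when every scanned node presented the same host key."""
    return len(groups) == 1


# Constructed sample: four nodes behind one alias, split across two keys.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
SAMPLE = "\n".join([
    "# 192.0.2.11:22 SSH-2.0-OpenSSH_5.3",
    f"192.0.2.11 ssh-rsa {KEY_A}",
    f"192.0.2.12 ssh-rsa {KEY_A}",
    f"192.0.2.13 ssh-rsa {KEY_B}",
    f"192.0.2.14 ssh-rsa {KEY_B}",
])

if __name__ == "__main__":
    found = group_by_host_key(SAMPLE)
    for fp, hosts in found.items():
        print(fp, ", ".join(hosts))
    print("consistent" if is_consistent(found)
          else "MISMATCH: nodes behind one alias present different host keys")
```

Run against real scan output, more than one fingerprint group for a single alias reproduces the situation reported above, where a cached `known_hosts` entry matches only one group of nodes.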
