SCIENTIFIC-LINUX-USERS Archives

March 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
Anne Wilson <[log in to unmask]>
Reply To:
Anne Wilson <[log in to unmask]>
Date:
Mon, 12 Mar 2012 18:54:23 +0000

On 11/03/12 23:16, Andreas Petzold wrote:
> Hi Anne
> 
Hi, Andreas

> On 03/11/2012 06:24 PM, Anne Wilson wrote:

>> Offending key in /home/anne/.ssh/known_hosts:3 RSA host key for 
>> 192.168.0.40 has changed and you have requested strict checking. 
>> Host key verification failed.
>> 
>> On the server I used ssh-keygen to list the fingerprint, and it 
>> matches the above.
> 
> the question is, where does this new host key come from? Did you 
> create a new host key? Did you delete the host key on the server 
> and restart sshd? Did you reinstall your server?
> 
Yes, I installed SL in place of CentOS after a catastrophe.  That was
in February.  Since then I have ssh'd in entering the password, but
then decided that it was time to get keychain handling ssh-with-keys
working again.  It had worked under CentOS.

>> I then copied the rsa public key into ~/.ssh/known_hosts, but I 
>> still can't get any further.
>> 
>> I have tried removing the key so that there no longer is an
>> entry known_hosts:3
> 
> That means line 3 of /home/anne/.ssh/known_hosts is the problem. 
> Please check that line in the known_hosts file and remove it.
> 
Is that on the remote box or the local laptop?  As far as I know I
have tried removing it on both, just to be sure, but it made no
difference.  In fact when only two keys were in the file I still got
the same message, so unless there is a caching issue I'm doing
something wrong.

>> in the hope that it would ask me to verify, as it used to.  When
>>  that didn't work, I replaced the key but then tried changing 
>> strict-checking temporarily to "no" (it's changed back now), 
>> again, hoping that it would allow me to verify the key.
>> 
>> What steps have I missed?  Are changes personal (i.e. re-read at 
>> login)
> 
> ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts are re-read at 
> every invocation of ssh.
> 
>> or do they require a reboot?
> 
> Never.
> 
>> Should I be making changes to ~/.ssh or /etc/ssh files or both?
> 
> Putting the public ssh host key of a remote server into 
> /etc/ssh/ssh_known_hosts will provide all users of your system with
> the host keys to compare when they login to the remote server. Of
> course you should always verify the authenticity of the public key
> (if at all possible) before you add it!
> 
> 
I'm the only user, really (one more in theory, but used more for
testing than actual use).  I've been putting them into
~/.ssh/known_hosts.  I don't understand what is wrong - the key is
there, and is correct.  The laptop (Fedora) and the server box (SL)
are set up in the same way, as far as I can see.  In SL I can ssh
into the laptop, but on the laptop I can't ssh into the server.

It's very odd.

Anne

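An added example, not part of the original thread: one way to do the check Andreas describes, comparing every client-side known_hosts entry for a host (plain or hashed) against the server's real public host key before trusting it. The function names, the `laptop.example`/`other.example` hosts and the key blobs are constructed placeholders, not real keys; wildcard patterns and `[host]:port` entries are not handled.

```python
import base64, hashlib, hmac

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain list or hashed |1|salt|hash)."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")

def fingerprint(key_b64):
    """SHA256 fingerprint in the form current ssh-keygen -l prints."""
    raw = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(raw).decode().rstrip("=")

def audit(known_hosts_text, host, server_pub_line):
    """Return [(line_no, 'ok' | 'stale')] for entries naming `host` with the server's key type."""
    want_type, want_key = server_pub_line.split()[:2]
    found = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0][0] in "#@":   # skip comments and @markers
            continue
        field, keytype, key = parts[:3]
        if keytype == want_type and host_matches(field, host):
            found.append((n, "ok" if key == want_key else "stale"))
    return found

# Constructed sample data: placeholder blobs, not real host keys.
def blob(label):
    return base64.b64encode(label.encode()).decode()
def hashed_field(host, salt=b"constructed-salt-000"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())
OLD, NEW = blob("old host key before reinstall"), blob("new host key after reinstall")
SERVER_PUB = "ssh-rsa %s root@server" % NEW   # as read on the server console
CLIENT_KNOWN_HOSTS = "\n".join([
    "laptop.example ssh-rsa " + blob("unrelated host"),
    "# constructed client-side known_hosts",
    "192.168.0.40 ssh-rsa " + OLD,
    "other.example ssh-rsa " + blob("another host"),
    hashed_field("192.168.0.40") + " ssh-rsa " + OLD,
])

if __name__ == "__main__":
    print("server key:", fingerprint(NEW))
    for n, status in audit(CLIENT_KNOWN_HOSTS, "192.168.0.40", SERVER_PUB):
        print("known_hosts:%d %s" % (n, status))
```

On the constructed sample this reports lines 3 and 5 as stale; the hashed entry on line 5 is the kind that cannot be spotted by reading the file.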