-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/03/12 23:16, Andreas Petzold wrote:
> Hi Anne
>
Hi, Andreas
> On 03/11/2012 06:24 PM, Anne Wilson wrote:
>> Offending key in /home/anne/.ssh/known_hosts:3 RSA host key for
>> 192.168.0.40 has changed and you have requested strict checking.
>> Host key verification failed.
>>
>> On the server I used ssh-keygen to list the fingerprint, and it
>> matches the above.
>
> the question is, where does this new host key come from? Did you
> create a new host key? Did you delete the host key on the server
> and restart sshd? Did you reinstall your server?
>
Yes, I installed SL in place of CentOS after a catastrophe. That was
in February. Since then I have ssh'd in entering the password, but
then decided that it was time to get keychain handling ssh-with-keys
working again. It had worked under CentOS.
>> I then copied the rsa public key into ~/.ssh/known_hosts, but I
>> still can't get any further.
>>
>> I have tried removing the key so that there no longer is an
>> entry known_hosts:3
>
> That means line 3 of /home/anne/.ssh/known_hosts is the problem.
> Please check that line in the known_hosts file and remove it.
>
Is that on the remote box or the local laptop? As far as I know I
have tried removing it on both, just to be sure, but it made no
difference. In fact when only two keys were in the file I still got
the same message, so unless there is a cacheing issue I'm doing
something wrong.
>> in the hope that it would ask me to verify, as it used to. When
>> that didn't work, I replaced the key but then tried changing
>> strict-checking temporarily to "no" (it's changed back now),
>> again, hoping that it would allow me to verify the key.
>>
>> What steps have I missed? Are changes personal (i.e. re-read at
>> login)
>
> ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts are re-read at
> every invocation of ssh.
>
>> or do they require a reboot?
>
> Never.
>
>> Should I be making changes to ~/.ssh or /etc/ssh files or both?
>
> Putting the public ssh host key of a remote server into
> /etc/ssh/ssh_known_hosts will provide all users of your system with
> the host keys to compare when they login to the remote server. Of
> course you should always verify the authenticity of the public key
> (if at all possible) before you add it!
>
>
I'm the only user, really (one more in theory, but used more for
testing than actual use). I've been putting them into
~/.ssh/known_hosts. I don't understand what is wrong - the key is
there, and is correct. The laptop (Fedora) and the server box (
SL) are set up in the same way, as far as I can see. In SL I can ssh
into the laptop, but on the laptop I can't ssh into the server.
It's very odd.
Anne
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9eRl0ACgkQj93fyh4cnBdbUQCeOU1YPkpMubx9c6FfIYGD4sfW
wUYAn3+yUATMAi2n3e2JSMMqSddJXoWr
=wg/Z
-----END PGP SIGNATURE-----
|