<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
On 30/12/2011 14:05, Anne Wilson wrote:
<blockquote cite="mid:4EFDC516.60808@lydgate.org" type="cite">
<pre wrap="">Some time ago I moved the server from CentOS 5 to CentOS 6 - and am
still occasionally finding things that I missed. One of those things is
setting up ssh access to my server from the netbook.
In preparation for a holiday, my strategy was to be
Stage 1 - install keychain + password to the netbook, and test access
across LAN
Stage 2 - test installation from external connection.
Clearly I've missed something. This worked well against CentOS 5, but I
wiped the drive completely when I did the install, so I'm working with a
new key on the server. Here's what I'm seeing now from the netbook:
[anne@AA1-red ~]$ ssh -v 192.168.0.40
OpenSSH_5.5p1, OpenSSL 1.0.0e-fips 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.0.40 [192.168.0.40] port 22.
debug1: Connection established.
debug1: identity file /home/anne/.ssh/id_rsa type -1
debug1: identity file /home/anne/.ssh/id_rsa-cert type -1
debug1: identity file /home/anne/.ssh/id_dsa type 2
debug1: identity file /home/anne/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
df:df:a2:17:c3:f3:f4:8c:c5:e2:e3:83:ae:51:78:b3.
Please contact your system administrator.
Add correct host key in /home/anne/.ssh/known_hosts to get rid of this
message.
Offending key in /home/anne/.ssh/known_hosts:3
</pre>
</blockquote>
It looks to me that you have to delete your old key.<br>
If so:<br>
edit: /home/anne/.ssh/known_hosts - line 3.<br>
You need to delete line 3.<br>
<br>
Then you can ssh -v 192.168.0.40 again and you will be asked for
verification.<br>
<br>
hth<br>
<br>
John C<br>
<br>
<blockquote cite="mid:4EFDC516.60808@lydgate.org" type="cite">
<pre wrap="">RSA host key for 192.168.0.40 has changed and you have requested strict
checking.
Host key verification failed.
I checked that I have correctly copied the rsa public key from the
server to the netbook's known-hosts file, and that it is owned anne:anne
perms 600. I copied the netbook's dsa public key to the server's
known-hosts file and checked perms there.
What have I missed?
Anne
---------------------------------------------------------------------------------------------------
Text inserted by Panda IS 2012:
This message has NOT been classified as spam. If it is unsolicited mail (spam), click on the following link to reclassify it: <a class="moz-txt-link-freetext" href="http://localhost:6083/Panda?ID=pav_36&SPAM=true&path=C:\Windows\system32\config\systemprofile\AppData\Local\Panda%20Security\Panda%20Internet%20Security%202012\AntiSpam">http://localhost:6083/Panda?ID=pav_36&SPAM=true&path=C:\Windows\system32\config\systemprofile\AppData\Local\Panda%20Security\Panda%20Internet%20Security%202012\AntiSpam</a>
---------------------------------------------------------------------------------------------------
</pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Wylug-help mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Wylug-help@wylug.org.uk">Wylug-help@wylug.org.uk</a>
<a class="moz-txt-link-freetext" href="https://mailman.lug.org.uk/mailman/listinfo/wylug-help">https://mailman.lug.org.uk/mailman/listinfo/wylug-help</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
=================================================
Check out our British Country Music Web Sites
<a class="moz-txt-link-freetext" href="http://www.countrymusic.org.uk">http://www.countrymusic.org.uk</a>
<a class="moz-txt-link-freetext" href="http://www.bcmi-radio.co.uk">http://www.bcmi-radio.co.uk</a>
Over 300,000 visitors a week
=================================================</pre>
</body>
</html>