[Wylug-help] SSH help requested

Anne Wilson anne at lydgate.org
Fri Dec 30 14:05:24 UTC 2011


Some time ago I moved the server from CentOS 5 to CentOS 6 - and am
still occasionally finding things that I missed.  One of those things is
setting up ssh access to my server from the netbook.

In preparation for a holiday, my strategy was to be

Stage 1 - install keychain + password to the netbook, and test access
across LAN
Stage 2 - test installation from external connection.

Clearly I've missed something.  This worked well against CentOS 5, but I
wiped the drive completely when I did the install, so I'm working with a
new key on the server.  Here's what I'm seeing now from the netbook:

[anne at AA1-red ~]$ ssh -v 192.168.0.40
OpenSSH_5.5p1, OpenSSL 1.0.0e-fips 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.0.40 [192.168.0.40] port 22.
debug1: Connection established.
debug1: identity file /home/anne/.ssh/id_rsa type -1
debug1: identity file /home/anne/.ssh/id_rsa-cert type -1
debug1: identity file /home/anne/.ssh/id_dsa type 2
debug1: identity file /home/anne/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
df:df:a2:17:c3:f3:f4:8c:c5:e2:e3:83:ae:51:78:b3.
Please contact your system administrator.
Add correct host key in /home/anne/.ssh/known_hosts to get rid of this
message.
Offending key in /home/anne/.ssh/known_hosts:3
RSA host key for 192.168.0.40 has changed and you have requested strict
checking.
Host key verification failed.

I checked that I have correctly copied the rsa public key from the
server to the netbook's known-hosts file, and that it is owned anne:anne
perms 600.  I copied the netbook's dsa public key to the server's
known-hosts file and checked perms there.

What have I missed?

Anne
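An added example, not part of the original post: a Python sketch of the comparison behind the warning above. It computes the colon-separated MD5 fingerprint of each known_hosts entry for a host and reports which line numbers match or conflict with the fingerprint the server presented. The key blobs, `example.lan`, the file contents and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

def md5_fingerprint(b64_blob):
    """MD5 of the decoded key blob as colon-separated hex, as in the warning."""
    digest = hashlib.md5(base64.b64decode(b64_blob)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def names_host(host_field, host):
    """True if a known_hosts host field names host (plain list or |1| hashed)."""
    if host_field.startswith("|1|"):  # HashKnownHosts: HMAC-SHA1(salt, hostname)
        _, _, salt, want = host_field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(want))
    return host in host_field.split(",")

def check_host(known_hosts_text, host, keytype, presented_fp):
    """Return (matching, offending) line numbers among host/keytype entries."""
    matching, offending = [], []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if fields[1] != keytype or not names_host(fields[0], host):
            continue
        same = md5_fingerprint(fields[2]) == presented_fp.lower()
        (matching if same else offending).append(lineno)
    return matching, offending

def toy_rsa_blob(modulus):
    """Constructed ssh-rsa wire-format blob with toy numbers; not a usable key."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    parts = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return base64.b64encode(parts).decode()

# Constructed sample data (not the poster's keys or file).
OLD_KEY = toy_rsa_blob(b"\x00\xc5" + b"\x11" * 15)  # key saved before the reinstall
NEW_KEY = toy_rsa_blob(b"\x00\xd7" + b"\x22" * 15)  # key the rebuilt server presents
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "example.lan ssh-rsa " + OLD_KEY,
    "192.168.0.40 ssh-rsa " + OLD_KEY,
])

if __name__ == "__main__":
    print(check_host(SAMPLE, "192.168.0.40", "ssh-rsa", md5_fingerprint(NEW_KEY)))
```

The comparison only means something when the presented fingerprint was read on the server itself, not taken from the connection being checked.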

