[Wylug-help] SSH help requested

Lee lee at leeevans.org
Fri Dec 30 14:30:22 UTC 2011


Did you just add the new key to the end of the known_hosts file and forget
to delete the existing entry?

Lee

-----Original Message-----
From: wylug-help-bounces at wylug.org.uk
[mailto:wylug-help-bounces at wylug.org.uk] On Behalf Of Anne Wilson
Sent: 30 December 2011 14:05
To: wylug-help at wylug.org.uk
Subject: [Wylug-help] SSH help requested

Some time ago I moved the server from CentOS 5 to CentOS 6 - and am still
occasionally finding things that I missed.  One of those things is setting
up ssh access to my server from the netbook.

In preparation for a holiday, my strategy was to be

Stage 1 - install keychain + password to the netbook, and test access across LAN
Stage 2 - test installation from external connection.

Clearly I've missed something.  This worked well against CentOS 5, but I
wiped the drive completely when I did the install, so I'm working with a new
key on the server.  Here's what I'm seeing now from the netbook:

[anne at AA1-red ~]$ ssh -v 192.168.0.40
OpenSSH_5.5p1, OpenSSL 1.0.0e-fips 6 Sep 2011
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.0.40 [192.168.0.40] port 22.
debug1: Connection established.
debug1: identity file /home/anne/.ssh/id_rsa type -1
debug1: identity file /home/anne/.ssh/id_rsa-cert type -1
debug1: identity file /home/anne/.ssh/id_dsa type 2
debug1: identity file /home/anne/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
df:df:a2:17:c3:f3:f4:8c:c5:e2:e3:83:ae:51:78:b3.
Please contact your system administrator.
Add correct host key in /home/anne/.ssh/known_hosts to get rid of this message.
Offending key in /home/anne/.ssh/known_hosts:3
RSA host key for 192.168.0.40 has changed and you have requested strict checking.
Host key verification failed.

I checked that I have correctly copied the rsa public key from the server to
the netbook's known-hosts file, and that it is owned anne:anne perms 600.  I
copied the netbook's dsa public key to the server's known-hosts file and
checked perms there.

What have I missed?

Anne
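
Added example, not part of the original thread: one way to check for the situation Lee asks about, a stale entry still present in known_hosts alongside a newly added key. The function names and the key blobs are constructed for illustration, and the trusted fingerprint is assumed to have been read on the server itself rather than taken from the connection under test.

```python
import base64, hashlib, hmac

def md5_fingerprint(key_b64):
    """Colon-separated MD5 fingerprint, the format ssh prints in the warning."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def host_matches(field, host):
    """True if a known_hosts host field names host (plain list or |1| hashed)."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")  # simplification: no wildcard/negation patterns

def audit_known_hosts(text, host, trusted):
    """List (line_no, key_type, fingerprint, status) for every entry naming host."""
    # trusted: key type -> fingerprint verified out of band (assumption)
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank, comment, or @marker line: out of scope here
        hosts, key_type, key_b64 = fields[:3]
        if not host_matches(hosts, host):
            continue
        fp = md5_fingerprint(key_b64)
        status = ("unverified" if key_type not in trusted
                  else "ok" if fp == trusted[key_type] else "stale")
        findings.append((line_no, key_type, fp, status))
    return findings

# Constructed sample: placeholder key blobs, not real host keys.
OLD_KEY = base64.b64encode(b"constructed key from the old install").decode()
NEW_KEY = base64.b64encode(b"constructed key from the new install").decode()
SAMPLE = "\n".join([
    "192.168.0.10 ssh-rsa " + OLD_KEY,
    "# netbook known_hosts (constructed)",
    "192.168.0.40 ssh-rsa " + OLD_KEY,   # stale entry left in place
    "192.168.0.40 ssh-rsa " + NEW_KEY,   # new key appended at the end
])

if __name__ == "__main__":
    trusted = {"ssh-rsa": md5_fingerprint(NEW_KEY)}
    for finding in audit_known_hosts(SAMPLE, "192.168.0.40", trusted):
        print(*finding)
```

Any line reported as stale can be cleared with `ssh-keygen -R 192.168.0.40`, which removes every entry for that host so the verified key can be added back on its own.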






