[Wylug-help] SSH help requested

John Craven jc at ukzone.com
Fri Dec 30 16:26:15 UTC 2011 

On 30/12/2011 14:05, Anne Wilson wrote:
> Some time ago I moved the server from CentOS 5 to CentOS 6 - and am
> still occasionally finding things that I missed.  One of those things is
> setting up ssh access to my server from the netbook.
>
> In preparation for a holiday, my strategy was to be
>
> Stage 1 - install keychain + password to the netbook, and test access
> across LAN
> Stage 2 - test installation from external connection.
>
> Clearly I've missed something.  This worked well against CentOS 5, but I
> wiped the drive completely when I did the install, so I'm working with a
> new key on the server.  Here's what I'm seeing now from the netbook:
>
> [anne at AA1-red ~]$ ssh -v 192.168.0.40
> OpenSSH_5.5p1, OpenSSL 1.0.0e-fips 6 Sep 2011
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to 192.168.0.40 [192.168.0.40] port 22.
> debug1: Connection established.
> debug1: identity file /home/anne/.ssh/id_rsa type -1
> debug1: identity file /home/anne/.ssh/id_rsa-cert type -1
> debug1: identity file /home/anne/.ssh/id_dsa type 2
> debug1: identity file /home/anne/.ssh/id_dsa-cert type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
> debug1: match: OpenSSH_5.3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.5
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> df:df:a2:17:c3:f3:f4:8c:c5:e2:e3:83:ae:51:78:b3.
> Please contact your system administrator.
> Add correct host key in /home/anne/.ssh/known_hosts to get rid of this
> message.
> Offending key in /home/anne/.ssh/known_hosts:3
>    
It looks to me that you have to delete your old key.
If so:
edit: /home/anne/.ssh/known_hosts - line 3.
You need to delete line 3.

Then you can ssh -v 192.168.0.40 again and you will be asked for 
verification.

hth

John C

> RSA host key for 192.168.0.40 has changed and you have requested strict
> checking.
> Host key verification failed.
>
> I checked that I have correctly copied the rsa public key from the
> server to the netbook's known-hosts file, and that it is owned anne:anne
> perms 600.  I copied the netbook's dsa public key to the server's
> known-hosts file and checked perms there.
>
> What have I missed?
>
> Anne
>
>
>
> ---------------------------------------------------------------------------------------------------
> Text inserted by Panda IS 2012:
>
>   This message has NOT been classified as spam. If it is unsolicited mail (spam), click on the following link to reclassify it: http://localhost:6083/Panda?ID=pav_36&SPAM=true&path=C:\Windows\system32\config\systemprofile\AppData\Local\Panda%20Security\Panda%20Internet%20Security%202012\AntiSpam
> ---------------------------------------------------------------------------------------------------
>    
>
>
> _______________________________________________
> Wylug-help mailing list
> Wylug-help at wylug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/wylug-help
>    


-- 
=================================================

   Check out our British Country Music Web Sites

         http://www.countrymusic.org.uk
         http://www.bcmi-radio.co.uk

   Over 300,000 visitors a week

=================================================

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/wylug-help/attachments/20111230/cd25884b/attachment.htm>

More information about the Wylug-help mailing list