misc_ssh_problems

SSH / RSA Key Update
Date: Tue, 13 Nov 2007 14:23:08 -0800 From: Alex Dioso via RT Subject: [Nikola Computing #1272] remote logon to vlsi servers from parvati

On Tue Nov 13 11:16:15 2007, jrhu wrote: > Hi Ali, > > For some reason, there are a slew of vlsi machines that I have problem > to log on. > See the cut-and-paste message below.

Unfortunately when we re-install a computer it gets a new ssh host key. The new host key conflicts with what your ssh program thinks the host key should be. This causes the error message you are seeing. Host keys are used to prevent another computer from masquerading as the computer you are trying to connect to.

> > What can I do to fix that?

The fix is contained in the error message, I'll try to describe the fix inline:

> > parvati [2] ssh -X vlsi007 > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle > attack)! > It is also possible that the RSA host key has just been changed. > The fingerprint for the RSA key sent by the remote host is .... > Please contact your system administrator. > Add correct host key in /homes/jrhu/.ssh/known_hosts to get rid of > this message.Offending key in /homes/jrhu/.ssh/known_hosts:16

Edit ~/.ssh/known_hosts and remove line 16 (the line starting with vlsi007). When you have edited and saved the file try to ssh to vlsi007 again. It should prompt you with:

The authenticity of host 'vlsi007 (128.95.4.68)' can't be established. RSA key fingerprint is .... Are you sure you want to continue connecting (yes/no)?

You can either choose to accept the new fingerprint (usually safe if you are within the EE network), or you can tell us what hosts you are connecting to and we can provide you with the correct fingerprints which you can then check against what ssh says is the fingerprint.

Hope that helps. Let me know if it doesn't.