Differences
This shows you the differences between two versions of the page.
aerocom:user-server-ng [2016-09-02 11:40:34] jang [User problems with a changed ssh host key] |
aerocom:user-server-ng [2022-05-31 09:29:31] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== User problems with the changed ssh host key of aerocom-users.met.no ====== | ||
- | **Background: | ||
- | aerocom-users.met.no was moved to a new machine, but the hostname was retained. In addition, the operating system was updated from Ubuntu 12.04.5 LTS to Ubuntu 16.04.1 LTS. This upgrade phased out the support for [[https:// | ||
- | This leads to two possible problems when users try to use aerocom-users.met.no from systems that had used to connect to it before: | ||
- | - Users need to update the ssh host key | ||
- | - Users that used a DSA public key before need to change to a [[https:// | ||
- | ===== update the ssh host key ===== | ||
- | if a user has been connected to aerocom-user.met.no before he/she will see the following error message\\ | ||
- | < | ||
- | jang@pcxyz: | ||
- | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | ||
- | @ | ||
- | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | ||
- | The RSA host key for aerocom-users.met.no has changed, | ||
- | and the key for the corresponding IP address 157.249.176.166 | ||
- | is unknown. This could either mean that | ||
- | DNS SPOOFING is happening or the IP address for the host | ||
- | and its host key have changed at the same time. | ||
- | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | ||
- | @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! | ||
- | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ | ||
- | IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! | ||
- | Someone could be eavesdropping on you right now (man-in-the-middle attack)! | ||
- | It is also possible that a host key has just been changed. | ||
- | The fingerprint for the RSA key sent by the remote host is | ||
- | 64: | ||
- | Please contact your system administrator. | ||
- | Add correct host key in / | ||
- | Offending RSA key in / | ||
- | remove with: ssh-keygen -f "/ | ||
- | RSA host key for aerocom-users.met.no has changed and you have requested strict checking. | ||
- | Host key verification failed. | ||
- | </ | ||
- | |||
- | Reading through the error message, the user is pointed to the solution of the problem: running the following command: | ||
- | < | ||
- | ssh-keygen -f "/ | ||
- | </ | ||
- | |||
- | another possibility is to just remove the offending line from / | ||
- | < | ||
- | Offending RSA key in / | ||
- | </ | ||
- | Removal of (in this example) line 8 of ~/ | ||
- | |||
- | Running the first command outputs the following: | ||
- | < | ||
- | jang@pcxyz: | ||
- | / | ||
- | Original contents retained as / | ||
- | </ | ||
- | |||
- | connecting to aerocom-users.met.no then leads to: | ||
- | < | ||
- | jang@pcxyz: | ||
- | The authenticity of host ' | ||
- | ECDSA key fingerprint is e7: | ||
- | Are you sure you want to continue connecting (yes/no)? yes | ||
- | Warning: Permanently added ' | ||
- | Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-34-generic x86_64) | ||
- | |||
- | * Documentation: | ||
- | * Management: | ||
- | * Support: | ||
- | |||
- | System information as of Fri Sep 2 08:46:36 UTC 2016 | ||
- | |||
- | System load: 0.1 | ||
- | Usage of /home: 1.6% of 1023.50GB | ||
- | Memory usage: | ||
- | Swap usage: | ||
- | |||
- | Graph this data and manage this system at: | ||
- | https:// | ||
- | |||
- | Get cloud support with Ubuntu Advantage Cloud Guest: | ||
- | http:// | ||
- | |||
- | 1 package can be updated. | ||
- | 0 updates are security updates. | ||
- | |||
- | |||
- | *** System restart required *** | ||
- | |||
- | ========================================================================= | ||
- | | ||
- | |||
- | aerocom-users.met.no has moved to a new machine and the aerocom database | ||
- | has been reorganised | ||
- | |||
- | The database can now be found below the directory | ||
- | / | ||
- | and is then further divided into the projects we work and have worked on | ||
- | |||
- | Please write an email to jan.griesfeller@met.no or michael.schulz.met.no | ||
- | or annac@met.no in case you have further questions | ||
- | ========================================================================= | ||
- | |||
- | Last login: Fri Sep 2 08:45:43 2016 from 157.249.112.29 | ||
- | jang@aerocom-users-ng: | ||
- | </ | ||
- | |||
- | Please note the the offcial hostname is aerocom-users-ng.met.no | ||
- | |||
- | ===== create a new rsa key ===== | ||
- | |||
- | ==== Step 1: Check for SSH keys ==== | ||
- | First, we need to check for existing ssh keys on your computer. Open up Terminal and run: | ||
- | < | ||
- | $ ls | ||
- | # Lists the files in your .ssh directory</ | ||
- | |||
- | Check the directory listing to see if you have a file named < | ||
- | If you don't, go to step 2. If you already have an existing keypair, skip to step 3. | ||
- | **Please note that aerocom-users-met.no will not accept DSA keys.** These are considered not secure anymore. | ||
- | |||
- | ==== Step 2: Generate a new SSH key ==== | ||
- | |||
- | To generate a new SSH key, enter the code below. We want the default settings so when asked to enter a file in which to save the key, | ||
- | just press enter. | ||
- | < | ||
- | Generating public/ | ||
- | ... | ||
- | </ | ||
- | |||
- | |||
- | Enter the path to the file that will hold the key: By default, the file name $HOME/ | ||
- | appears in parentheses. | ||
- | |||
- | < | ||
- | |||
- | Enter a passphrase for using your key: The passphrase you enter will be used for encrypting your private key. A good passphrase should be alphanumeric having 10-30 character length. You can also use a null passphrase however this can cause a security loophole. | ||
- | |||
- | < | ||
- | |||
- | Re-enter the passphrase to confirm it: Type your passphrase once again to confirm it. | ||
- | |||
- | < | ||
- | Enter same passphrase again: <Type the passphrase> | ||
- | Your identification has been saved in / | ||
- | Your public key has been saved in / | ||
- | The key fingerprint is: | ||
- | 0b: | ||
- | </ | ||
- | |||
- | ==== Step 3: Send your public key to jan.griesfeller@met.no and/or annac.met.no==== | ||
- | |||
- | In the folder ~/.ssh you will find file(s) ending with .pub. Please send us the one you just created e.g. <key> id_rsa.pub</ | ||
- | |||
- | ==== Further information ==== | ||
- | This page was partly stolen from [[http:// | ||
- | [[https:// | ||
- | If you want to know how key authentication works, please read [[http:// | ||
- | this article about public key cryptography]]. |