[opensuse] ssh connection refused since upgrading to 12.1
On 11.4 I had ssh working perfectly without passwords between my laptop and my desktop. Since upgrading the desktop to 12.1, ssh from the laptop to the desktop fails because the remote server's host key has changed. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ [...] Add correct host key in /home/bob/.ssh/known_hosts to get rid of this message. [...] Host key verification failed. I'm not sure which file to copy onto my USB stick and where to put it (~/.ssh/known_hosts probably, but nothing I've put there so far has worked). There must be a simpler way of solving this problem, because most situations will involve hosts separated by significant distances, rather than being in the same room. Any suggestions, please? Bob -- Bob Williams System: Linux 3.1.9-1.4-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.7.2 (4.7.2) "release 5" Uptime: 18:00pm up 1 day 6:05, 5 users, load average: 0.22, 0.20, 0.22 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sun, 04 Mar 2012 01:00:47 +0000
Bob Williams
On 11.4 I had ssh working perfectly without passwords between my laptop and my desktop. Since upgrading the desktop to 12.1, ssh from the laptop to the desktop fails because the remote server's host key has changed.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[...] Add correct host key in /home/bob/.ssh/known_hosts to get rid of this message. [...] Host key verification failed.
I'm not sure which file to copy onto my USB stick and where to put it (~/.ssh/known_hosts probably, but nothing I've put there so far has worked).
There must be a simpler way of solving this problem, because most situations will involve hosts separated by significant distances, rather than being in the same room.
Any suggestions, please?
Bob
I believe there's another sentence in the error message that you've trimmed out. It lists the failing key and gives the exact commandline string to use to delete it from your known_hosts file. Once it's deleted, you ssh into the system, again, accept the new key and you should be good to go. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/03/12 01:44, Carl Hartung wrote:
On Sun, 04 Mar 2012 01:00:47 +0000 Bob Williams
wrote: On 11.4 I had ssh working perfectly without passwords between my laptop and my desktop. Since upgrading the desktop to 12.1, ssh from the laptop to the desktop fails because the remote server's host key has changed.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[...] Add correct host key in /home/bob/.ssh/known_hosts to get rid of this message. [...] Host key verification failed.
I'm not sure which file to copy onto my USB stick and where to put it (~/.ssh/known_hosts probably, but nothing I've put there so far has worked).
There must be a simpler way of solving this problem, because most situations will involve hosts separated by significant distances, rather than being in the same room.
Any suggestions, please?
Bob
I believe there's another sentence in the error message that you've trimmed out. It lists the failing key and gives the exact commandline string to use to delete it from your known_hosts file. Once it's deleted, you ssh into the system, again, accept the new key and you should be good to go.
Yes, you are quite right. However, that ssh-keygen command didn't work. It created a known_hosts_old file which was identical to the original, not removing anything. There were two lines in the file, so I eventually followed James' advice and deleted each one. When I had an empty file, my ssh command worked. So, thank you both for your help, not sure why the 'official' way didn't work here. -- Bob Williams System: Linux 3.1.9-1.4-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.7.2 (4.7.2) "release 5" Uptime: 06:00am up 1 day 18:05, 5 users, load average: 0.03, 0.05, 0.09 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Bob Williams wrote:
There were two lines in the file, so I eventually followed James' advice and deleted each one. When I had an empty file, my ssh command worked.
I was tempted to suggest deleting the entire file, but that means you'd have to accept each key again. As I mentioned, you should be able to find the one line for that system and deleting only it. Each line starts with the host name or IP address followed by ssh-rsa as shown below: 172.16.1.9 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCFsf0HDuR+kPMIClIjCCW5vkxaFPvtJhIvZvmkSSyXh9pQh6VcssmJzxVftuCbYj6VmNiX21jxEN2dpdHkzFvIAZbJ67PVTVi/bz2hL0pNkvc4ww2lM1UoIp/kp26ay2fU+06KecdxoXBb0PFpHfeZpuxJvSD1fA3UkpbcZfNhp01N In vi, you can simply move down through the lines (or search) until you're on the correct one and then delete the entire line. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/03/12 13:16, James Knott wrote:
Bob Williams wrote:
There were two lines in the file, so I eventually followed James' advice and deleted each one. When I had an empty file, my ssh command worked.
I was tempted to suggest deleting the entire file, but that means you'd have to accept each key again. As I mentioned, you should be able to find the one line for that system and deleting only it. Each line starts with the host name or IP address followed by ssh-rsa as shown below:
172.16.1.9 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCFsf0HDuR+kPMIClIjCCW5vkxaFPvtJhIvZvmkSSyXh9pQh6VcssmJzxVftuCbYj6VmNiX21jxEN2dpdHkzFvIAZbJ67PVTVi/bz2hL0pNkvc4ww2lM1UoIp/kp26ay2fU+06KecdxoXBb0PFpHfeZpuxJvSD1fA3UkpbcZfNhp01N
That is indeed the structure of the known_hosts file on my desktop machine, but here on my laptop the same file gives no indication of which key relates to which host. Hence I deleted both lines (there are only two machines here that I use ssh with, so it is not onerous to accept new keys). After accepting the new key, the file looks much the same, with two lines but no identification of host. I have left the lines wrapped, but each one starts with |1|: |1|r+sSjzHiK8nJu7BZ7WJ5mPkzYhQ=|BQUTU5kbZjZPUZNFlAcdYlp/D/Q= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF3YHk3ZN5/woQeVxkFBsrKxJg/AfugnmpbA/5j8OKC1i8bf6PmNb1mqFZtI5mnwQrTV1dp6UHcNAHF9DsWxz6k= |1|uiLEVuhVfpQ6GyFHCOxc2IrcPMo=|cLOYRHbY+W87J3cnmQYq/2ewoWc= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF3YHk3ZN5/woQeVxkFBsrKxJg/AfugnmpbA/5j8OKC1i8bf6PmNb1mqFZtI5mnwQrTV1dp6UHcNAHF9DsWxz6k=
In vi, you can simply move down through the lines (or search) until you're on the correct one and then delete the entire line.
Bob -- Bob Williams Sent from my laptop -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
That is indeed the structure of the known_hosts file on my desktop machine, but here on my laptop the same file gives no indication of which key relates to which host. Hence I deleted both lines (there are only two machines here that I use ssh with, so it is not onerous to accept new keys). It appears you may be using a different encryption method. Perhaps
Bob Williams wrote: that's the reason for the difference. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/03/12 18:32, James Knott wrote:
That is indeed the structure of the known_hosts file on my desktop machine, but here on my laptop the same file gives no indication of which key relates to which host. Hence I deleted both lines (there are only two machines here that I use ssh with, so it is not onerous to accept new keys). It appears you may be using a different encryption method. Perhaps
Bob Williams wrote: that's the reason for the difference.
Probably, but I don't remember specifying anything out of the ordinary. The only recent change has been a new installation of 12.1 Bob -- Bob Williams System: Linux 3.1.9-1.4-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.7.2 (4.7.2) "release 5" Uptime: 18:00pm up 2 days 6:05, 5 users, load average: 0.01, 0.08, 0.10 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Bob Williams [04.03.2012 19:28]: [ about $HOME/.ssh/known_hosts file ]
172.16.1.9 ssh-rsa AAAAB3NzaC1yc2EAAAA[...]
That is indeed the structure of the known_hosts file on my desktop machine, but here on my laptop the same file gives no indication of which key relates to which host. Hence I deleted both lines (there are only two machines here that I use ssh with, so it is not onerous to accept new keys).
After accepting the new key, the file looks much the same, with two lines but no identification of host.
I have left the lines wrapped, but each one starts with |1|:
|1|r+sSjzHiK8nJu7BZ7WJ5mPkzYhQ=|BQUTU5kbZjZPUZNFlAcdYlp/D/Q= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI[...]
Whether you have clear text entries in $HOME/.ssh/known_hosts as before or encoded ones is controlled by /etc/ssh/ssh_config and/or $HOME/.ssh/config. See "man 5 ssh_config", parameter HashKnownHosts :-) Just my 2¢ Werner -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/03/12 10:06, Werner Flamme wrote:
Bob Williams [04.03.2012 19:28]:
[ about $HOME/.ssh/known_hosts file ]
172.16.1.9 ssh-rsa AAAAB3NzaC1yc2EAAAA[...]
That is indeed the structure of the known_hosts file on my desktop machine, but here on my laptop the same file gives no indication of which key relates to which host. Hence I deleted both lines (there are only two machines here that I use ssh with, so it is not onerous to accept new keys).
After accepting the new key, the file looks much the same, with two lines but no identification of host.
I have left the lines wrapped, but each one starts with |1|:
|1|r+sSjzHiK8nJu7BZ7WJ5mPkzYhQ=|BQUTU5kbZjZPUZNFlAcdYlp/D/Q= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI[...]
Whether you have clear text entries in $HOME/.ssh/known_hosts as before or encoded ones is controlled by /etc/ssh/ssh_config and/or $HOME/.ssh/config. See "man 5 ssh_config", parameter HashKnownHosts :-)
Just my 2¢ Werner
A valuable 2cents worth. Thank you Werner. Bob -- Bob Williams System: Linux 3.1.9-1.4-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.7.2 (4.7.2) "release 5" Uptime: 10:04 up 2:07, 3 users, load average: 0.40, 0.47, 0.25 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Bob Williams wrote:
On 11.4 I had ssh working perfectly without passwords between my laptop and my desktop. Since upgrading the desktop to 12.1, ssh from the laptop to the desktop fails because the remote server's host key has changed.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[...] Add correct host key in /home/bob/.ssh/known_hosts to get rid of this message. [...] Host key verification failed.
I'm not sure which file to copy onto my USB stick and where to put it (~/.ssh/known_hosts probably, but nothing I've put there so far has worked).
There must be a simpler way of solving this problem, because most situations will involve hosts separated by significant distances, rather than being in the same room.
Any suggestions, please?
Bob
Yes. The key for the server has changed. Look through your ~/.ssh/known_hosts file and delete the line for the system you're trying to connect to. Then, the next time you try to connect, you'll be asked if you wish to accept the key. After you do, you will be able to connect again. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-03-04 03:10, James Knott wrote:
Bob Williams wrote:
Since upgrading the desktop to 12.1,
Yes. The key for the server has changed. Look through your ~/.ssh/known_hosts file and delete the line for the system you're trying to connect to. Then, the next time you try to connect, you'll be asked if you wish to accept the key. After you do, you will be able to connect again.
which means the desktop machine was not upgraded, but installed fresh. A real upgrade would not have changed the server key. - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk9T81gACgkQIvFNjefEBxoRigCdHQxg0CH6uzsmybUyV7Xa6b3E edIAnj9eBubgkMI+UBj4tPZrQQnRKhrW =VKZA -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/03/12 22:57, Carlos E. R. wrote:
On 2012-03-04 03:10, James Knott wrote:
Bob Williams wrote:
Since upgrading the desktop to 12.1,
Yes. The key for the server has changed. Look through your ~/.ssh/known_hosts file and delete the line for the system you're trying to connect to. Then, the next time you try to connect, you'll be asked if you wish to accept the key. After you do, you will be able to connect again.
which means the desktop machine was not upgraded, but installed fresh. A real upgrade would not have changed the server key.
You are quite correct, Carlos. It started out as an upgrade, things went wrong, so it then become a fresh install. I should be more careful of my use of words. After all, I'm not Humpty Dumpty (read Alice's Adventures in Wonderland if you don't understand that last remark). Bob - -- Bob Williams System: Linux 3.1.9-1.4-desktop Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.7.2 (4.7.2) "release 5" Uptime: 18:00pm up 2 days 6:05, 5 users, load average: 0.01, 0.08, 0.10 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9UhVkACgkQ0Sr7eZJrmU7vOQCeJ9UoA13EvM9d7uNuU0BnHIHx TP8An2thdwEQwqyCR+x4RlH3V5F6vRM8 =dxrt -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (5)
-
Bob Williams
-
Carl Hartung
-
Carlos E. R.
-
James Knott
-
Werner Flamme