what is wrong with the default sshd server.
after retry to connect sshd - key changed from known hosts????
grrr
On 4/28/2016 2:02 AM, Andreas Benzler wrote:
what is wrong with the default sshd server.
after retry to connect sshd - key changed from known hosts????
I've installed centos a LOT of times, versions 5, 6, and 7, and never had any issues with the built in sshd service, and a variety of clients, including other linux ssh, putty and securecrt on windows, gui SCP/SFTP utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh.
the "key changed from known_hosts" error happens if your client had previously connected with the same "user@hostname" on a previous installation of the server OS with a different ssh_host_key
you need to provide a lot more information if you expect a more specific answer from anyone, like what version of CentOS did you install, what client software you're using to connect to it, any pertinent background information like was this hostname previously used for a different OS install, etc etc.
This never happen to me, first time too. This was never happen when i drive the machine with the usb drive installation of centos, same state. As I said: Fresh from yesterday.
Greetings
Andy
Am 28.04.2016 um 11:11 schrieb John R Pierce pierce@hogranch.com:
On 4/28/2016 2:02 AM, Andreas Benzler wrote:
what is wrong with the default sshd server.
after retry to connect sshd - key changed from known hosts????
I've installed centos a LOT of times, versions 5, 6, and 7, and never had any issues with the built in sshd service, and a variety of clients, including other linux ssh, putty and securecrt on windows, gui SCP/SFTP utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh.
the "key changed from known_hosts" error happens if your client had previously connected with the same "user@hostname" on a previous installation of the server OS with a different ssh_host_key
you need to provide a lot more information if you expect a more specific answer from anyone, like what version of CentOS did you install, what client software you're using to connect to it, any pertinent background information like was this hostname previously used for a different OS install, etc etc.
-- john r pierce, recycling bits in santa cruz
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 28 Apr 2016 11:11, "John R Pierce" pierce@hogranch.com wrote:
On 4/28/2016 2:02 AM, Andreas Benzler wrote:
what is wrong with the default sshd server.
after retry to connect sshd - key changed from known hosts????
I've installed centos a LOT of times, versions 5, 6, and 7, and never had
any issues with the built in sshd service, and a variety of clients, including other linux ssh, putty and securecrt on windows, gui SCP/SFTP utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh.
the "key changed from known_hosts" error happens if your client had
previously connected with the same "user@hostname" on a previous installation of the server OS with a different ssh_host_key
you need to provide a lot more information if you expect a more specific
answer from anyone, like what version of CentOS did you install, what client software you're using to connect to it, any pertinent background information like was this hostname previously used for a different OS install, etc etc.
-- john r pierce, recycling bits in santa cruz
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
You installed the server with the same IP, you need to remove the entry from the known hosts, which is located in .ssh on the computer you are trying to connect to.
sure
Am 28.04.2016 um 11:16 schrieb Earl A Ramirez earlaramirez@gmail.com:
On 28 Apr 2016 11:11, "John R Pierce" pierce@hogranch.com wrote:
On 4/28/2016 2:02 AM, Andreas Benzler wrote:
what is wrong with the default sshd server.
after retry to connect sshd - key changed from known hosts????
I've installed centos a LOT of times, versions 5, 6, and 7, and never had
any issues with the built in sshd service, and a variety of clients, including other linux ssh, putty and securecrt on windows, gui SCP/SFTP utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh.
the "key changed from known_hosts" error happens if your client had
previously connected with the same "user@hostname" on a previous installation of the server OS with a different ssh_host_key
you need to provide a lot more information if you expect a more specific
answer from anyone, like what version of CentOS did you install, what client software you're using to connect to it, any pertinent background information like was this hostname previously used for a different OS install, etc etc.
-- john r pierce, recycling bits in santa cruz
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
You installed the server with the same IP, you need to remove the entry from the known hosts, which is located in .ssh on the computer you are trying to connect to. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 28 Apr 2016 11:24, "Andreas Benzler" andreas@benzlerweb.de wrote:
sure
Am 28.04.2016 um 11:16 schrieb Earl A Ramirez earlaramirez@gmail.com:
On 28 Apr 2016 11:11, "John R Pierce" pierce@hogranch.com wrote:
On 4/28/2016 2:02 AM, Andreas Benzler wrote:
what is wrong with the default sshd server.
after retry to connect sshd - key changed from known hosts????
I've installed centos a LOT of times, versions 5, 6, and 7, and never
had
any issues with the built in sshd service, and a variety of clients, including other linux ssh, putty and securecrt on windows, gui SCP/SFTP utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh.
the "key changed from known_hosts" error happens if your client had
previously connected with the same "user@hostname" on a previous installation of the server OS with a different ssh_host_key
you need to provide a lot more information if you expect a more
specific
answer from anyone, like what version of CentOS did you install, what client software you're using to connect to it, any pertinent background information like was this hostname previously used for a different OS install, etc etc.
-- john r pierce, recycling bits in santa cruz
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
You installed the server with the same IP, you need to remove the entry from the known hosts, which is located in .ssh on the computer you are trying to connect to. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I meant the computer you are trying to connect from.
Same machine iMac for the last two weeks.
Can work on virtual box Centos 7 Usb drive installation Centos 7 works
Fresh installation not on this laptop.
Am 28.04.2016 um 11:25 schrieb Earl A Ramirez earlaramirez@gmail.com:
On 28 Apr 2016 11:24, "Andreas Benzler" andreas@benzlerweb.de wrote:
sure
Am 28.04.2016 um 11:16 schrieb Earl A Ramirez earlaramirez@gmail.com:
On 28 Apr 2016 11:11, "John R Pierce" pierce@hogranch.com wrote:
On 4/28/2016 2:02 AM, Andreas Benzler wrote:
what is wrong with the default sshd server.
after retry to connect sshd - key changed from known hosts????
I've installed centos a LOT of times, versions 5, 6, and 7, and never
had
any issues with the built in sshd service, and a variety of clients, including other linux ssh, putty and securecrt on windows, gui SCP/SFTP utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh.
the "key changed from known_hosts" error happens if your client had
previously connected with the same "user@hostname" on a previous installation of the server OS with a different ssh_host_key
you need to provide a lot more information if you expect a more
specific
answer from anyone, like what version of CentOS did you install, what client software you're using to connect to it, any pertinent background information like was this hostname previously used for a different OS install, etc etc.
-- john r pierce, recycling bits in santa cruz
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
You installed the server with the same IP, you need to remove the entry from the known hosts, which is located in .ssh on the computer you are trying to connect to. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I meant the computer you are trying to connect from. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
The problem is not with your installation of CentOS, it is with the computer you are connecting from. Read the error log you pasted earlier, it tells you exactly what the problem is and how to remedy it:
Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
Open up the file /Users/andy/.ssh/known_hosts and delete line 22.
On Thu, Apr 28, 2016 at 2:31 AM, Andreas Benzler andreas@benzlerweb.de wrote:
Same machine iMac for the last two weeks.
Can work on virtual box Centos 7 Usb drive installation Centos 7 works
Fresh installation not on this laptop.
Am 28.04.2016 um 11:25 schrieb Earl A Ramirez earlaramirez@gmail.com:
On 28 Apr 2016 11:24, "Andreas Benzler" andreas@benzlerweb.de wrote:
sure
Am 28.04.2016 um 11:16 schrieb Earl A Ramirez <earlaramirez@gmail.com
:
On 28 Apr 2016 11:11, "John R Pierce" pierce@hogranch.com wrote:
On 4/28/2016 2:02 AM, Andreas Benzler wrote:
what is wrong with the default sshd server.
after retry to connect sshd - key changed from known hosts????
I've installed centos a LOT of times, versions 5, 6, and 7, and never
had
any issues with the built in sshd service, and a variety of clients, including other linux ssh, putty and securecrt on windows, gui SCP/SFTP utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh.
the "key changed from known_hosts" error happens if your client had
previously connected with the same "user@hostname" on a previous installation of the server OS with a different ssh_host_key
you need to provide a lot more information if you expect a more
specific
answer from anyone, like what version of CentOS did you install, what client software you're using to connect to it, any pertinent background information like was this hostname previously used for a different OS install, etc etc.
-- john r pierce, recycling bits in santa cruz
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
You installed the server with the same IP, you need to remove the entry from the known hosts, which is located in .ssh on the computer you are trying to connect to. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I meant the computer you are trying to connect from. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On Thu, April 28, 2016 8:56 am, mdubendris@gmail.com wrote:
The problem is not with your installation of CentOS, it is with the computer you are connecting from. Read the error log you pasted earlier, it tells you exactly what the problem is and how to remedy it:
Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
Open up the file /Users/andy/.ssh/known_hosts and delete line 22.
(sorry if I repeat what someone already said - it is already long thread, and I'm reading my mail from latest messages to oldest...)
Usually host key (of remote machine) could change for the following reasons:
1. benign reasons: remote machine system was reinstalled and/or ssh server keys were re-generated, or some machine was retired and different machine re-used its IP, or for some other reason, like changes in DNS, you are connecting to _different_ system that has same IP as the one you were connecting to in the past
In this case it is indeed safe to delete old known keys resembling this host (there may be more that one), then ssh to it and accept new key
2. Bad reasons: remote machine is hijacked and host keys have changed. Or, as ssh error message says, it may be "man in the middle" attack. If some intermediate malicious machine is able to intercept your traffic, it can make encrypted ssh tunnel between source machine and itself, and between itself and destination machine, having all traffic in clear text on itself. The only thing that stops this "man in the middle" is you, as you are verifying the host key, and "man in the middle" can not use as host key the key of remote machine (he would need both secret and public key of the pair for that). This is how ssh is designed to ensure you are talking to the machine you think you are talking to.
If this is the case, you shouldn't continue, instead right thing to do is to first make sure that indeed the key of remote machine was changed by its admin. Calling remote machine's sysadmin would be right thing to do.
I hope, this helps.
Valeri
On Thu, Apr 28, 2016 at 2:31 AM, Andreas Benzler andreas@benzlerweb.de wrote:
Same machine iMac for the last two weeks.
Can work on virtual box Centos 7 Usb drive installation Centos 7 works
Fresh installation not on this laptop.
Am 28.04.2016 um 11:25 schrieb Earl A Ramirez
On 28 Apr 2016 11:24, "Andreas Benzler" andreas@benzlerweb.de wrote:
sure
Am 28.04.2016 um 11:16 schrieb Earl A Ramirez
<earlaramirez@gmail.com
:
On 28 Apr 2016 11:11, "John R Pierce" pierce@hogranch.com wrote:
On 4/28/2016 2:02 AM, Andreas Benzler wrote: > > what is wrong with the default sshd server. > > after retry to connect sshd - key changed from known hosts????
I've installed centos a LOT of times, versions 5, 6, and 7, and
never
had
any issues with the built in sshd service, and a variety of clients, including other linux ssh, putty and securecrt on windows, gui
SCP/SFTP
utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh.
the "key changed from known_hosts" error happens if your client had
previously connected with the same "user@hostname" on a previous installation of the server OS with a different ssh_host_key
you need to provide a lot more information if you expect a more
specific
answer from anyone, like what version of CentOS did you install,
what
client software you're using to connect to it, any pertinent
background
information like was this hostname previously used for a different
OS
install, etc etc.
-- john r pierce, recycling bits in santa cruz
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
You installed the server with the same IP, you need to remove the
entry
from the known hosts, which is located in .ssh on the computer you
are
trying to connect to. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I meant the computer you are trying to connect from. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
I know how todo. I try it out tomorrow. But it’s the first time with this kind of problem with a fresh installed centos 7.
Thanks Valeri.
Am 28.04.2016 um 16:20 schrieb Valeri Galtsev galtsev@kicp.uchicago.edu:
On Thu, April 28, 2016 8:56 am, mdubendris@gmail.com mailto:mdubendris@gmail.com wrote:
The problem is not with your installation of CentOS, it is with the computer you are connecting from. Read the error log you pasted earlier, it tells you exactly what the problem is and how to remedy it:
Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
Open up the file /Users/andy/.ssh/known_hosts and delete line 22.
(sorry if I repeat what someone already said - it is already long thread, and I'm reading my mail from latest messages to oldest...)
Usually host key (of remote machine) could change for the following reasons:
- benign reasons: remote machine system was reinstalled and/or ssh server
keys were re-generated, or some machine was retired and different machine re-used its IP, or for some other reason, like changes in DNS, you are connecting to _different_ system that has same IP as the one you were connecting to in the past
In this case it is indeed safe to delete old known keys resembling this host (there may be more that one), then ssh to it and accept new key
- Bad reasons: remote machine is hijacked and host keys have changed. Or,
as ssh error message says, it may be "man in the middle" attack. If some intermediate malicious machine is able to intercept your traffic, it can make encrypted ssh tunnel between source machine and itself, and between itself and destination machine, having all traffic in clear text on itself. The only thing that stops this "man in the middle" is you, as you are verifying the host key, and "man in the middle" can not use as host key the key of remote machine (he would need both secret and public key of the pair for that). This is how ssh is designed to ensure you are talking to the machine you think you are talking to.
If this is the case, you shouldn't continue, instead right thing to do is to first make sure that indeed the key of remote machine was changed by its admin. Calling remote machine's sysadmin would be right thing to do.
I hope, this helps.
Valeri
On Thu, Apr 28, 2016 at 2:31 AM, Andreas Benzler andreas@benzlerweb.de wrote:
Same machine iMac for the last two weeks.
Can work on virtual box Centos 7 Usb drive installation Centos 7 works
Fresh installation not on this laptop.
Am 28.04.2016 um 11:25 schrieb Earl A Ramirez
On 28 Apr 2016 11:24, "Andreas Benzler" andreas@benzlerweb.de wrote:
sure
Am 28.04.2016 um 11:16 schrieb Earl A Ramirez
<earlaramirez@gmail.com
:
On 28 Apr 2016 11:11, "John R Pierce" pierce@hogranch.com wrote: > > On 4/28/2016 2:02 AM, Andreas Benzler wrote: >> >> what is wrong with the default sshd server. >> >> after retry to connect sshd - key changed from known hosts???? > > > I've installed centos a LOT of times, versions 5, 6, and 7, and
never
had
any issues with the built in sshd service, and a variety of clients, including other linux ssh, putty and securecrt on windows, gui
SCP/SFTP
utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh. > > the "key changed from known_hosts" error happens if your client had previously connected with the same "user@hostname" on a previous installation of the server OS with a different ssh_host_key > > > you need to provide a lot more information if you expect a more
specific
answer from anyone, like what version of CentOS did you install,
what
client software you're using to connect to it, any pertinent
background
information like was this hostname previously used for a different
OS
install, etc etc. > > > > > > > -- > john r pierce, recycling bits in santa cruz > > _______________________________________________ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos
You installed the server with the same IP, you need to remove the
entry
from the known hosts, which is located in .ssh on the computer you
are
trying to connect to. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I meant the computer you are trying to connect from. _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ _______________________________________________ CentOS mailing list CentOS@centos.org mailto:CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos https://lists.centos.org/mailman/listinfo/centos
Valeri Galtsev wrote:
On Thu, April 28, 2016 8:56 am, mdubendris@gmail.com wrote:
The problem is not with your installation of CentOS, it is with the computer you are connecting from. Read the error log you pasted earlier, it tells you exactly what the problem is and how to remedy it:
Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
Open up the file /Users/andy/.ssh/known_hosts and delete line 22.
<snip>
Usually host key (of remote machine) could change for the following reasons:
- benign reasons: remote machine system was reinstalled and/or ssh server
keys were re-generated, or some machine was retired and different machine re-used its IP, or for some other reason, like changes in DNS, you are connecting to _different_ system that has same IP as the one you were connecting to in the past
In this case it is indeed safe to delete old known keys resembling this host (there may be more that one), then ssh to it and accept new key
- Bad reasons: remote machine is hijacked and host keys have changed. Or,
as ssh error message says, it may be "man in the middle" attack. If some intermediate malicious machine is able to intercept your traffic, it can
<snip> Just as a side note, here: when we rebuild a machine - say, when we were doing CentOS 5 to 6, or when we build a new machine for someone, 6->7, we *remove /etc/ssh/ssh_host*, and rsync in the *old* /etc/ssh/ssh_host* from backup.
Not doing this does have a tendency to freak out the users....
mark
On Thu, April 28, 2016 9:25 am, m.roth@5-cent.us wrote:
Valeri Galtsev wrote:
On Thu, April 28, 2016 8:56 am, mdubendris@gmail.com wrote:
The problem is not with your installation of CentOS, it is with the computer you are connecting from. Read the error log you pasted earlier, it tells you exactly what the problem is and how to remedy it:
Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
Open up the file /Users/andy/.ssh/known_hosts and delete line 22.
<snip> > Usually host key (of remote machine) could change for the following > reasons: > > 1. benign reasons: remote machine system was reinstalled and/or ssh > server > keys were re-generated, or some machine was retired and different > machine > re-used its IP, or for some other reason, like changes in DNS, you are > connecting to _different_ system that has same IP as the one you were > connecting to in the past > > In this case it is indeed safe to delete old known keys resembling this > host (there may be more that one), then ssh to it and accept new key > > 2. Bad reasons: remote machine is hijacked and host keys have changed. > Or, > as ssh error message says, it may be "man in the middle" attack. If some > intermediate malicious machine is able to intercept your traffic, it can <snip> Just as a side note, here: when we rebuild a machine - say, when we were doing CentOS 5 to 6, or when we build a new machine for someone, 6->7, we *remove /etc/ssh/ssh_host*, and rsync in the *old* /etc/ssh/ssh_host* from backup.
Not doing this does have a tendency to freak out the users....
Yes that is true. We do this too sometimes, but for machines that are too long on the network when we upgrade the system we do follow "good security practice" and re-generate the keys. Even though there is no reason to think that secret key may be compromised.
Valeri
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
-
Andreas Benzler -
Earl A Ramirez -
John R Pierce -
m.roth@5-cent.us -
mdubendris@gmail.com -
Valeri Galtsev