[CentOS] Centos hold me back from work - sshd ...bull

Thu Apr 28 14:25:03 UTC 2016
Andreas Benzler <andreas at benzlerweb.de>

I know how todo. I try it out tomorrow. But it’s the first time with this kind of problem
with a fresh installed centos 7.

Thanks 
Valeri.

> Am 28.04.2016 um 16:20 schrieb Valeri Galtsev <galtsev at kicp.uchicago.edu>:
> 
> 
> On Thu, April 28, 2016 8:56 am, mdubendris at gmail.com <mailto:mdubendris at gmail.com> wrote:
>> The problem is not with your installation of CentOS, it is with the
>> computer you are connecting from. Read the error log you pasted earlier,
>> it
>> tells you exactly what the problem is and how to remedy it:
>> 
>>> 
>>> Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this
>>> message.
>>> Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
>> 
>> 
>> Open up the file /Users/andy/.ssh/known_hosts and delete line 22.
>> 
> 
> (sorry if I repeat what someone already said - it is already long thread,
> and I'm reading my mail from latest messages to oldest...)
> 
> Usually host key (of remote machine) could change for the following reasons:
> 
> 1. benign reasons: remote machine system was reinstalled and/or ssh server
> keys were re-generated, or some machine was retired and different machine
> re-used its IP, or for some other reason, like changes in DNS, you are
> connecting to _different_ system that has same IP as the one you were
> connecting to in the past
> 
> In this case it is indeed safe to delete old known keys resembling this
> host (there may be more that one), then ssh to it and accept new key
> 
> 2. Bad reasons: remote machine is hijacked and host keys have changed. Or,
> as ssh error message says, it may be "man in the middle" attack. If some
> intermediate malicious machine is able to intercept your traffic, it can
> make encrypted ssh tunnel between source machine and itself, and between
> itself and destination machine, having all traffic in clear text on
> itself. The only thing that stops this "man in the middle" is you, as you
> are verifying the host key, and "man in the middle" can not use as host
> key the key of remote machine (he would need both secret and public key of
> the pair for that). This is how ssh is designed to ensure you are talking
> to the machine you think you are talking to.
> 
> If this is the case, you shouldn't continue, instead right thing to do is
> to first make sure that indeed the key of remote machine was changed by
> its admin. Calling remote machine's sysadmin would be right thing to do.
> 
> I hope, this helps.
> 
> Valeri
> 
> 
>> On Thu, Apr 28, 2016 at 2:31 AM, Andreas Benzler <andreas at benzlerweb.de>
>> wrote:
>> 
>>> Same machine iMac for the last two weeks.
>>> 
>>> Can work on virtual box  Centos 7
>>> Usb drive installation Centos 7 works
>>> 
>>> Fresh installation not on this laptop.
>>> 
>>>> Am 28.04.2016 um 11:25 schrieb Earl A Ramirez
>>> <earlaramirez at gmail.com>:
>>>> 
>>>> On 28 Apr 2016 11:24, "Andreas Benzler" <andreas at benzlerweb.de> wrote:
>>>>> 
>>>>> sure
>>>>>> Am 28.04.2016 um 11:16 schrieb Earl A Ramirez
>>> <earlaramirez at gmail.com
>>>> :
>>>>>> 
>>>>>> On 28 Apr 2016 11:11, "John R Pierce" <pierce at hogranch.com> wrote:
>>>>>>> 
>>>>>>> On 4/28/2016 2:02 AM, Andreas Benzler wrote:
>>>>>>>> 
>>>>>>>> what is wrong with the default sshd server.
>>>>>>>> 
>>>>>>>> after retry to connect sshd - key changed from known hosts????
>>>>>>> 
>>>>>>> 
>>>>>>> I've installed centos a LOT of times, versions 5, 6, and 7, and
>>> never
>>>> had
>>>>>> any issues with the built in sshd service, and a variety of clients,
>>>>>> including other linux ssh, putty and securecrt on windows, gui
>>> SCP/SFTP
>>>>>> utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh.
>>>>>>> 
>>>>>>> the "key changed from known_hosts" error happens if your client had
>>>>>> previously connected with  the same "user at hostname" on a previous
>>>>>> installation of the server OS with a different ssh_host_key
>>>>>>> 
>>>>>>> 
>>>>>>> you need to provide a lot more information if you expect a more
>>>> specific
>>>>>> answer from anyone, like what version of CentOS did you install,
>>> what
>>>>>> client software you're using to connect to it, any pertinent
>>> background
>>>>>> information like was this hostname previously used for a different
>>> OS
>>>>>> install, etc etc.
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> john r pierce, recycling bits in santa cruz
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> CentOS mailing list
>>>>>>> CentOS at centos.org
>>>>>>> https://lists.centos.org/mailman/listinfo/centos
>>>>>> 
>>>>>> You installed the server with the same IP, you need to remove the
>>> entry
>>>>>> from the known hosts, which is located in .ssh on the computer you
>>> are
>>>>>> trying to connect to.
>>>>>> _______________________________________________
>>>>>> CentOS mailing list
>>>>>> CentOS at centos.org
>>>>>> https://lists.centos.org/mailman/listinfo/centos
>>>>> 
>>>>> _______________________________________________
>>>>> CentOS mailing list
>>>>> CentOS at centos.org
>>>>> https://lists.centos.org/mailman/listinfo/centos
>>>> 
>>>> I meant the computer you are trying to connect from.
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS at centos.org
>>>> https://lists.centos.org/mailman/listinfo/centos
>>> 
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>>> 
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>> 
> 
> 
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org <mailto:CentOS at centos.org>
> https://lists.centos.org/mailman/listinfo/centos <https://lists.centos.org/mailman/listinfo/centos>