[CentOS] Centos hold me back from work - sshd ...bull
wyml at etr-usa.com
Thu Apr 28 21:36:20 UTC 2016
On Apr 28, 2016, at 3:15 AM, John R Pierce <pierce at hogranch.com> wrote:
> On 4/28/2016 2:09 AM, Andreas Benzler wrote:
>> ine-imac-andy:~ andy$ ssh -vvvandy at 188.8.131.52
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.8
>> debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.8 pat OpenSSH_5* compat 0x0c000000
> thats not CentOS.
> are you sure you're connecting to the right address ?
Many of the other answers are ignoring this detail by simply recommending that the OP remove the offending line from known_hosts and try again. That’s an excellent way to get MITM’d!
When OpenSSH warns you that the remote host’s key is different from the one it saw before, you *must not ignore it* unless you know exactly why it changed.
Don’t guess! Verify.
Log into the intended host over some trusted channel, then say:
for f in /etc/ssh/ssh_host_*_key ; do ssh-keygen -lf $f ; done
If none of those values exactly matches
then OpenSSH is right to prevent your login. It means you aren’t connecting to the server you think you are. It might be a benign misconfiguration or it might be a MITM attempt.
This is potentially a game-over scenario. Don’t ignore it.
See also this article on the TOFU problem:
More information about the CentOS