[CentOS] Centos hold me back from work - sshd ...bull

Thu Apr 28 14:25:52 UTC 2016
m.roth at 5-cent.us <m.roth at 5-cent.us>

Valeri Galtsev wrote:
> On Thu, April 28, 2016 8:56 am, mdubendris at gmail.com wrote:
>> The problem is not with your installation of CentOS, it is with the
>> computer you are connecting from. Read the error log you pasted earlier,
>> it tells you exactly what the problem is and how to remedy it:
>>> Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this
>>> message. Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
>> Open up the file /Users/andy/.ssh/known_hosts and delete line 22.
> Usually host key (of remote machine) could change for the following
> reasons:
> 1. benign reasons: remote machine system was reinstalled and/or ssh server
> keys were re-generated, or some machine was retired and different machine
> re-used its IP, or for some other reason, like changes in DNS, you are
> connecting to _different_ system that has same IP as the one you were
> connecting to in the past
> In this case it is indeed safe to delete old known keys resembling this
> host (there may be more that one), then ssh to it and accept new key
> 2. Bad reasons: remote machine is hijacked and host keys have changed. Or,
> as ssh error message says, it may be "man in the middle" attack. If some
> intermediate malicious machine is able to intercept your traffic, it can
Just as a side note, here: when we rebuild a machine - say, when we were
doing CentOS 5 to 6, or when we build a new machine for someone, 6->7, we
*remove /etc/ssh/ssh_host*, and rsync in the *old* /etc/ssh/ssh_host* from

Not doing this does have a tendency to freak out the users....