[CentOS] Centos hold me back from work - sshd ...bull

Thu Apr 28 21:36:20 UTC 2016
Warren Young <wyml at etr-usa.com>

On Apr 28, 2016, at 3:15 AM, John R Pierce <pierce at hogranch.com> wrote:
> 
> On 4/28/2016 2:09 AM, Andreas Benzler wrote:
>> ine-imac-andy:~ andy$ ssh -vvvandy at 141.52.135.21
> 
> 
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.8
>> debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.8 pat OpenSSH_5* compat 0x0c000000
> 
> 
> thats not CentOS.
> 
> are you sure you're connecting to the right address ?

Many of the other answers are ignoring this detail by simply recommending that the OP remove the offending line from known_hosts and try again.  That’s an excellent way to get MITM’d!

When OpenSSH warns you that the remote host’s key is different from the one it saw before, you *must not ignore it* unless you know exactly why it changed.

Don’t guess!  Verify.

How?

Log into the intended host over some trusted channel, then say:

   for f in /etc/ssh/ssh_host_*_key ; do ssh-keygen -lf $f ; done

If none of those values exactly matches

   SHA256:KIKE0V+Hm1UW4XtpTAVsl/7QWqJSVoQHfLnjj3vn/nM.

then OpenSSH is right to prevent your login.  It means you aren’t connecting to the server you think you are.  It might be a benign misconfiguration or it might be a MITM attempt.

This is potentially a game-over scenario.  Don’t ignore it.

See also this article on the TOFU problem:

 https://en.wikipedia.org/wiki/Trust_on_first_use