[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#421308: marked as done (openssh-client: "Offending key in /home/ross/.ssh/known_hosts:140" isn't there)

Your message dated Fri, 27 Apr 2007 20:54:28 +0100
with message-id <1177703669.3172.10.camel@kaa.jungle.aubergine.my-net-space.net>
and subject line Bug#421308: openssh-client: "Offending key in /home/ross/.ssh/known_hosts:140" isn't there
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: openssh-client
Version: 1:4.3p2-9
Severity: normal

When trying to connect to a new system I got (with some obscuring)
$ ssh somewhere
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xxxxx
Please contact your system administrator.
Add correct host key in /home/ross/.ssh/known_hosts to get rid of this message.
Offending key in /home/ross/.ssh/known_hosts:140
RSA host key for 0.1.2.3 has changed and you have requested strict checking.
Host key verification failed.

There is no known_hosts:140 file in the indicated directory, or
anywhere else that I can see.

Background: The box at a particular IP address changed.  "somewhere"
is an unqualified name; .ssh/config provides the IP as the HostName.
First I tried using the old alias.  Then I created a new alias using
the new hostname of the target computer.  In both cases I got the
message shown above, and did not get the file it said it was leaving.

Speculation: ssh is trying to create a file based on the hostname, and
running into trouble when it is an IP address.

I think I can install the key manually, so a fix is not urgent for me.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-k7 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser  3.102                           Add and remove users and groups
ii  debconf  1.5.13                          Debian configuration management sy
ii  dpkg     1.13.25                         package maintenance system for Deb
ii  libc6    2.3.6.ds1-13                    GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library
ii  libedit2 2.9.cvs.20050518-3              BSD editline and history libraries
ii  libkrb53 1.4.4-8                         MIT Kerberos runtime libraries
ii  libncurs 5.5-5                           Shared libraries for terminal hand
ii  libssl0. 0.9.8e-4                        SSL shared libraries
ii  passwd   1:4.0.18.1-7                    change and administer password and
ii  zlib1g   1:1.2.3-13                      compression library - runtime

openssh-client recommends no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Hi,

On Fri, 2007-04-27 at 12:10 -0700, Ross Boylan wrote:
> Package: openssh-client
> Version: 1:4.3p2-9
> Severity: normal
> 
> When trying to connect to a new system I got (with some obscuring)
> $ ssh somewhere
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[...]
> Add correct host key in /home/ross/.ssh/known_hosts to get rid of this message.
> Offending key in /home/ross/.ssh/known_hosts:140
> RSA host key for 0.1.2.3 has changed and you have requested strict checking.
> Host key verification failed.
> 
> There is no known_hosts:140 file in the indicated directory, or
> anywhere else that I can see.
[...]
> In both cases I got the
> message shown above, and did not get the file it said it was leaving.
> 
> Speculation: ssh is trying to create a file based on the hostname, and
> running into trouble when it is an IP address.

The error message indicates that the key causing the problem is on line
140 of /home/ross/.ssh/known_hosts. There is no file being created (or
failing to be created) - it's simply telling you that the key currently
on that line of the file does not match the host you're connecting to
(because they're not the same host, as you indicated :-)

Either replace the key currently in the file with the new one, or simply
remove the old key.

Closing this report as there doesn't appear to be a bug in ssh here.

[Just spotted your second mail:

"Another theory:
When HostName was an IP it was the same IP as used by the old system I
was connecting too.  Thus, if an entry were added to known_hosts, there
would be two entries for the same key (the IP address).  Maybe that was
the source of the problem."

is much closer ;-)

The issue isn't caused by using an IP address, as the same issue would
occur if you were using hostnames as you'd still have a conflict between
the key in known_hosts and the new host.

]

Regards,

Adam

--- End Message ---
Reply to: