Re: Problem with SSH host keys
----- Original Message -----
> From: "Keith Lawson" <keith@nowhere.ca>
>
> Hello,
>
> I'm running jessie on my laptop and after doing a dist-upgrade yesterday
> I'm getting SSH host key errors for a bunch of servers I've been
> connecting to for years:
>
> The authenticity of host 'blah' can't be established.
> RSA key fingerprint is e8:08:db:b0:e7:38:57:d4:82:a8:a4:1c:42:f0:25:09.
> Are you sure you want to continue connecting (yes/no)?
>
> The host keys are in ~/.ssh/known_hosts and haven't changed on the
> server side. Looking at the openssl, openssh-server and openssh-client
> change logs I don't see anything that would explain this behavior. Is
> anyone aware of any changes in openssh-client in jessie that would cause
> certain server keys that were previously working to be invalid?
>
I just tried ssh'ing from my jessie server and couldn't reproduce your problem. Usually if the key has changed, you get a different warning "someone is doing something nasty", or something to that effect. The message you're getting seems to indicate it's not finding the host/fingerprint in known_hosts at all. Check the permissions on known_hosts. On my system it's 600. Also check ~/.ssh -- it should be 700.
You can check the fingerprint in the known_hosts file like this:
ssh-keygen -F blah -l
Compare this value to the fingerprint being reported in the message you posted above.
-Rob
Reply to: