Re: Problem with SSH host keys
On Tue, Sep 23, 2014 at 11:34:02AM -0400, Steve Litt wrote:
> On Tue, 23 Sep 2014 10:20:26 -0400
> Keith Lawson <keith@nowhere.ca> wrote:
>
> > Is anyone aware of any changes in openssh-client in
> > jessie that would cause certain server keys that were previously
> > working to be invalid?
>
> Hi Keith,
>
> You said "certain" server keys. If I were you, that's where I'd hang my
> hat. Make a list of all the keys that are malfunctioning. Make a list
> of all the keys that are still functional. What does each key have in
> common with its groupmates? What differences do you see between the two
> groups? It's likely that such an analysis, which should take less than
> an hour, will go a long way toward pointing you in the direction of the
> root cause.
>
It seems to be only on servers that have been apt updated recently actually. One one of the servers I connect fine with the top level A record that points at the server:
debug1: Server host key: RSA e8:08:db:b0:e7:38:57:d4:82:a8:a4:1c:42:f0:25:09
debug3: load_hostkeys: loading entries for host "nowhere.ca" from file "/home/keith/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/keith/.ssh/known_hosts:26
debug3: load_hostkeys: loaded 1 keys
However using the FQDN of that server prompts me to accept the same key:
debug1: Server host key: RSA e8:08:db:b0:e7:38:57:d4:82:a8:a4:1c:42:f0:25:09
debug3: load_hostkeys: loading entries for host "vegas.nowhere.ca" from file "/home/keith/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
Maybe a change in openssh-server?
> SteveT
>
> Steve Litt * http://www.troubleshooters.com/
> Troubleshooting Training * Human Performance
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 20140923113402.61e15e55@mydesq2.domain.cxm">https://lists.debian.org/[🔎] 20140923113402.61e15e55@mydesq2.domain.cxm
>
Reply to: