Re: Problem with SSH host keys

To: debian-user@lists.debian.org
Subject: Re: Problem with SSH host keys
From: Keith Lawson <keith@nowhere.ca>
Date: Tue, 23 Sep 2014 18:44:17 -0400
Message-id: <[🔎] 20140923224417.GC20175@nowhere.ca>
In-reply-to: <[🔎] CAH_OBidP35qkYMOQ16hhgB-31HMK5a9f--NOuYxO6yEKsPj=Wg@mail.gmail.com>
References: <[🔎] b1fc61ca1a3abe309a5b8340990ae58a@www.nowhere.ca> <[🔎] CAH_OBidP35qkYMOQ16hhgB-31HMK5a9f--NOuYxO6yEKsPj=Wg@mail.gmail.com>

On Tue, Sep 23, 2014 at 04:45:50PM -0400, shawn wilson wrote:
> On Tue, Sep 23, 2014 at 10:20 AM, Keith Lawson <keith@nowhere.ca> wrote:
> > Hello,
> >
> > I'm running jessie on my laptop and after doing a dist-upgrade yesterday I'm
> > getting SSH host key errors for a bunch of servers I've been connecting to
> > for years:
> >
> 
> IDK this has anything to do with the problem you're seeing (unless you
> have something wacky with your ~/.ssh - like it symlinked to /etc/ssh
> or something). So, I'll just go on the assumption that this is
> coincidence...
> 
> > The authenticity of host 'blah' can't be established.
> > RSA key fingerprint is e8:08:db:b0:e7:38:57:d4:82:a8:a4:1c:42:f0:25:09.
> > Are you sure you want to continue connecting (yes/no)?
> >
> > The host keys are in ~/.ssh/known_hosts and haven't changed on the server
> > side. Looking at the openssl, openssh-server and openssh-client change logs
> > I don't see anything that would explain this behavior. Is anyone aware of
> > any changes in openssh-client in jessie that would cause certain server keys
> > that were previously working to be invalid?
> >
> 
> The host keys are in known_hosts, but are the proper keys (the one you
> listed above - see ssh-keygen -lf /etc/ssh/ssh/ssh_host_rsa_key.puh on
> the server) listed there? Does your user own the file and is it mod
> 660 or less? Are you logging into the server you think you are (did
> you typo an ip in your ssh_config or is someone mitm you)?
> 

Time stamps on the keys on the server haven't changed and the key fingerprint on the server matches what's getting offered to the client. I use aliases like "alias hostname='ssh keith@hostaname.com'" so typos are out of the question. Still stumped on what changed and when we're talking SSH keys that makes me nervous. 


> 
> -- 
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] CAH_OBidP35qkYMOQ16hhgB-31HMK5a9f--NOuYxO6yEKsPj=Wg@mail.gmail.com">https://lists.debian.org/[🔎] CAH_OBidP35qkYMOQ16hhgB-31HMK5a9f--NOuYxO6yEKsPj=Wg@mail.gmail.com
>

Reply to:

Follow-Ups:
- Re: Problem with SSH host keys
  - From: shawn wilson <ag4ve.us@gmail.com>

References:
- Problem with SSH host keys
  - From: Keith Lawson <keith@nowhere.ca>
- Re: Problem with SSH host keys
  - From: shawn wilson <ag4ve.us@gmail.com>

Prev by Date: Re: Problem with SSH host keys
Next by Date: Re: Problem with SSH host keys
Previous by thread: Re: Problem with SSH host keys
Next by thread: Re: Problem with SSH host keys
Index(es):
- Date
- Thread