[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problem with SSH host keys

On Tue, 23 Sep 2014, Keith Lawson wrote:
> On Tue, Sep 23, 2014 at 01:26:36PM -0700, Don Armstrong wrote:
> > Do you all of the ip addresses and hostnames listed for those keys in
> > known_hosts?
> 
> These are all servers I've been connecting to for years so I should
> have their IP and host keys.

Because the entries in known_hosts are hashed by default, it's not
trivial to determine this.

If you've changed DNS resolution slightly, or if they now reverse to
different names, or you now can connect via IPv6, or the IP addresses
have changed, you will see this warning.

This is one of the reasons why I (and Debian itself) don't use hashed
known hosts for machines.

You can also check the output of ssh -vv to see precisely what the key
is, and see where else that matches in your known hosts.

-- 
Don Armstrong                      http://www.donarmstrong.com

He no longer wished to be dead. At the same time, it cannot be said
that he was glad to be alive. But at least he did not resent it. He
was alive, and the stubbornness of this fact had little by little
begun to fascinate him -- as if he had managed to outlive himself, as
if he were somehow living a posthumous life.
 -- Paul Auster _City of Glass_
Reply to: