
Re: Problem with SSH host keys



On Tue, Sep 23, 2014 at 03:59:56PM -0700, Don Armstrong wrote:
> On Tue, 23 Sep 2014, Keith Lawson wrote:
> > On Tue, Sep 23, 2014 at 01:26:36PM -0700, Don Armstrong wrote:
> > > Do you have all of the IP addresses and hostnames listed for those keys in
> > > known_hosts?
> > 
> > These are all servers I've been connecting to for years so I should
> > have their IP and host keys.
> 
> Because the entries in known_hosts are hashed by default, it's not
> trivial to determine this.
> 

That's definitely proving to be true. 

> If you've changed DNS resolution slightly, or if they now reverse to
> different names, or you now can connect via IPv6, or the IP addresses
> have changed, you will see this warning.
> 
> This is one of the reasons why I (and Debian itself) don't use hashed
> known hosts for machines.
> 

I'll have to look into doing this too. I'm sure there's an explanation to this, considering things like user@domain.ca and user@host.domain.ca have different results, but if the keys weren't hashed in known_hosts it would make troubleshooting a lot simpler.

> You can also check the output of ssh -vv to see precisely what the key
> is, and see where else that matches in your known hosts.
> 
> -- 
> Don Armstrong                      http://www.donarmstrong.com
> 
> He no longer wished to be dead. At the same time, it cannot be said
> that he was glad to be alive. But at least he did not resent it. He
> was alive, and the stubbornness of this fact had little by little
> begun to fascinate him -- as if he had managed to outlive himself, as
> if he were somehow living a posthumous life.
>  -- Paul Auster _City of Glass_
> 
> 
> 
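An added example, not part of the original messages: a hashed known_hosts entry has the form `|1|salt|hash`, where the hash is HMAC-SHA1 of one hostname or address keyed with the salt, so the only way to learn which names are covered is to test candidates against each line. The sketch below does that for a list of names; the sample file, salts, key blob and the names `host.example.org`, `192.0.2.10` and `2001:db8::10` are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_host(name, salt):
    """Build a '|1|salt|hash' token as HashKnownHosts does (HMAC-SHA1 keyed with the salt)."""
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())

def entry_matches(token, candidate):
    """True if the hashed host token was produced from `candidate`."""
    parts = token.split("|")
    if len(parts) != 4 or parts[1] != "1":
        return False
    salt = base64.b64decode(parts[2])
    want = base64.b64decode(parts[3])
    got = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def find_names(known_hosts_text, candidates):
    """Map each candidate name to the (line, key type, key blob) entries that list it."""
    hits = {c: [] for c in candidates}
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or line.startswith("#"):
            continue
        hosts, keytype, blob = fields[0], fields[1], fields[2]
        for c in candidates:
            if hosts.startswith("|1|"):
                matched = entry_matches(hosts, c)   # hashed entry: one name per line
            else:
                matched = c in hosts.split(",")     # plain entry: comma-separated names
            if matched:
                hits[c].append((lineno, keytype, blob))
    return hits

# Constructed sample: the hostname and the IPv4 address were recorded, the IPv6 address never was.
SAMPLE = "\n".join([
    hash_host("host.example.org", bytes(range(20))) + " ssh-ed25519 CONSTRUCTED_KEY_A",
    hash_host("192.0.2.10", bytes(range(20, 40))) + " ssh-ed25519 CONSTRUCTED_KEY_A",
])

if __name__ == "__main__":
    names = ["host.example.org", "192.0.2.10", "2001:db8::10"]
    for name, found in find_names(SAMPLE, names).items():
        print(name, "->", found or "no entry (ssh would warn or prompt for this name)")
```

`ssh-keygen -F hostname` performs the same lookup against a real known_hosts file, one name at a time.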

