
Re: Problem with SSH host keys



On Tue, Sep 23, 2014 at 04:45:50PM -0400, shawn wilson wrote:
> On Tue, Sep 23, 2014 at 10:20 AM, Keith Lawson <keith@nowhere.ca> wrote:
> > Hello,
> >
> > I'm running jessie on my laptop and after doing a dist-upgrade yesterday I'm
> > getting SSH host key errors for a bunch of servers I've been connecting to
> > for years:
> >
> 
> IDK this has anything to do with the problem you're seeing (unless you
> have something wacky with your ~/.ssh - like it symlinked to /etc/ssh
> or something). So, I'll just go on the assumption that this is
> coincidence...
> 
> > The authenticity of host 'blah' can't be established.
> > RSA key fingerprint is e8:08:db:b0:e7:38:57:d4:82:a8:a4:1c:42:f0:25:09.
> > Are you sure you want to continue connecting (yes/no)?
> >
> > The host keys are in ~/.ssh/known_hosts and haven't changed on the server
> > side. Looking at the openssl, openssh-server and openssh-client change logs
> > I don't see anything that would explain this behavior. Is anyone aware of
> > any changes in openssh-client in jessie that would cause certain server keys
> > that were previously working to be invalid?
> >
> 
> The host keys are in known_hosts, but are the proper keys (the one you
> listed above - see ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub on
> the server) listed there? Does your user own the file and is it mod
> 660 or less? Are you logging into the server you think you are (did
> you typo an ip in your ssh_config or is someone mitm you)?
> 
> 

Gah. So I'm way overthinking the problem. Found my issue: 

$ ls -ltrh
total 184K
-rwxr-xr-x 1 keith keith  393 Sep  2 11:05 id_rsa.pub
-rw------- 1 keith keith 1.8K Sep  2 11:05 id_rsa
-rw------- 1 keith keith 142K Sep 19 09:47 known_hosts.old
-rw-r--r-- 1 keith keith  11K Sep 24 10:10 known_hosts
$ cat known_hosts|wc
     31      93   11034
$ cat known_hosts.old |wc
    449    1347  145230

So now my question becomes what creates known_hosts.old? In my experience I've only seen ssh-keygen -R do that when it backs up known_hosts. 

This is starting to feel like user error. 
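
An added example, not part of the original message: one way to see which entries from known_hosts.old are no longer in known_hosts, so they can be reviewed and restored instead of re-accepting each host key prompt. The function name `missing_entries` and the sample host names and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list known_hosts.old entries that are absent from known_hosts.

# missing_entries OLD NEW
# Prints each entry of OLD whose (key type, key blob) pair is not in NEW.
# Matching on the key, not the host field, also works when host names are
# hashed (HashKnownHosts), where every line carries its own salt.
missing_entries() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            off = ($1 ~ /^@/) ? 1 : 0            # @cert-authority / @revoked marker
            id = $(2 + off) " " $(3 + off)       # key type + base64 key
        }
        pass == 1 { seen[id] = 1; next }         # reading NEW: remember its keys
        !(id in seen)                            # reading OLD: print if lost
    ' pass=1 "$2" pass=2 "$1"
}

# Constructed sample data (key blobs are placeholders, not real keys).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/known_hosts.old" <<'EOF'
# constructed backup file
alpha.example,192.0.2.10 ssh-rsa AAAAconstructedKEY1
beta.example ssh-rsa AAAAconstructedKEY2
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAconstructedKEY3
EOF
    cat > "$dir/known_hosts" <<'EOF'
beta.example ssh-rsa AAAAconstructedKEY2
EOF
    missing_entries "$dir/known_hosts.old" "$dir/known_hosts"
    rm -rf "$dir"
}

demo
```

On a real account the call would be `missing_entries ~/.ssh/known_hosts.old ~/.ssh/known_hosts`; each listed key should still be checked against the server's own `ssh-keygen -lf` output before it is copied back.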

