
Re: Subject: network-console installation and ssh keys



On 04/14/2015 10:31 PM, David Wright wrote:
> I like the new Network Console option in the installer.
> However, when I reinstall Debian onto a machine called, say, desk,
> select the necessary options, type in the password for the
> installer session, and then sit back with a machine called lap,
> when I type   ssh installer@desk   I get the usual
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle
> attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
>
> because the installer has generated and is running with fresh keys.
> (I frequently connect from lap to desk and vice versa and so
> have authorized_keys as well as known_hosts there.)
>
> What do most people do here?

It depends on what I want to achieve:

- Host temporarily has a different key because of a running
  installation (or rescue CD or so), but will have the right
  keys again in the future. I have the following alias defined:

    alias sshnv='ssh -o GlobalKnownHostsFile=/dev/null
                     -o UserKnownHostsFile=/dev/null'

  (Just one line, but my mail client wants to wrap.)

  This allows me to do sshnv user@host, but the temporary key will
  not be remembered (I still have to accept it though).

  This is also useful if I don't want to remember the key even if
  it's not already in the known_hosts file.

- Host will permanently have a new key.

    ssh-keygen -R hostname

  This will remove all keys for a given host from the known_hosts
  file, and then a new key can be accepted for that host, which will
  be stored permanently.

Hope that helps.

Christian
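
The second case in the reply above (a host that permanently has a new key), as an added example that is not part of the original message: it runs `ssh-keygen -R` against a scratch known_hosts file instead of the real one. The helper function names are hypothetical, the keys are generated on the spot, and hashed host names are an assumption about the client configuration.

```sh
#!/bin/sh
# Constructed demo, fully offline: a scratch known_hosts holding freshly
# generated keys for the thread's two hosts, "desk" and "lap".

# make_known_hosts DIR HOST...: one ed25519 entry per host, names hashed
# as with HashKnownHosts (assumption: your client stores hashed names).
make_known_hosts() {
    kh_dir=$1; shift
    : > "$kh_dir/known_hosts"
    for kh_host in "$@"; do
        ssh-keygen -q -t ed25519 -N '' -f "$kh_dir/$kh_host.key"
        printf '%s %s\n' "$kh_host" \
            "$(cut -d' ' -f1,2 "$kh_dir/$kh_host.key.pub")" >> "$kh_dir/known_hosts"
    done
    ssh-keygen -H -f "$kh_dir/known_hosts" >/dev/null 2>&1
    rm -f "$kh_dir/known_hosts.old"    # backup from -H has unhashed names
}

# names_hashed FILE: true if no line carries a plain-text host name.
names_hashed() {
    ! grep -qv '^|1|' "$1"
}

# is_known FILE HOST: true if FILE holds any key for HOST, hashed or not.
is_known() {
    [ -n "$(ssh-keygen -F "$2" -f "$1" 2>/dev/null)" ]
}

# forget_host FILE HOST: drop every key for HOST. ssh-keygen keeps the
# previous contents in FILE.old, so the removal can be rolled back.
forget_host() {
    ssh-keygen -R "$2" -f "$1" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_known_hosts "$d" desk lap
    names_hashed "$d/known_hosts" && echo "names hashed: grep/sed cannot find desk"
    forget_host "$d/known_hosts" desk
    is_known "$d/known_hosts" desk     || echo "desk forgotten"
    is_known "$d/known_hosts" lap      && echo "lap untouched"
    is_known "$d/known_hosts.old" desk && echo "old desk key kept in known_hosts.old"
    rm -rf "$d"
}
demo
```

Only the entry for desk is removed; the entry for lap stays, and the pre-removal file survives as known_hosts.old.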

