login about faq

Hi,

I have someone trying to connect to my Tectia Server (6.1.7.149) They are using OpenSSH and can only run it in batch mode no interactive login available, but they keep getting this error:

debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY debug3: check_host_in_hostfile: filename /.ssh/known_hosts
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx. Please contact your system administrator. Add correct host key in /.ssh/known_hosts to get rid of this message. Offending key in /.ssh/known_hosts:3 RSA host key for aaa.bbb.ccc.ddd has changed and you have requested strict key checking Host key verification failed.

They do have a copy of the public key I generated for them (different key pair for every client) and it is placed in their /.ssh/known_hosts file in the format ssh-rsa AAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.

They mentioned the footprint from the public key I gave them(using ssh-keygen to get footprint) and the one displayed in the warning showed above are not the same.

When they disable STRICTHOSTKEYCHECKING on their side it connects but then they get a 'can't get file handle error'.

Is this problem on my side or on theirs? Can anyone help on how to fix this?

Regards,

asked May 05 '15 at 15:25

sshNewbie's gravatar image

sshNewbie
1111


This can happen, if you change the ip address or host name although the host key is intact, depending on how you connect the host, using ip address or host name. If you are sure that there is not security compromise, you can safely delete the host key in knownhosts entry. The host key in the following format

server ssh-rsa AAAAB3Nz....

Find the entry of which server matching the ip address and/or host name of the server and delete it. You should be able to connect and save the host key but without "Strict host key checking". After the host key is saved, you can recover "strict host key checking"

link

answered Aug 31 '15 at 10:35

shuqinLKatSupport's gravatar image

shuqinLKatSupport
7712

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×17

Asked: May 05 '15 at 15:25

Seen: 5,535 times

Last updated: Aug 31 '15 at 10:35

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.