l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
January 6: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2002 Jan 09 13:17

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] How do I make SSH connect anyway if a host's IP has cha
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] How do I make SSH connect anyway if a host's IP has changed?



I don't think that the IP address is the problem.  If the HOST key on the system you are connecting to changes, then you will get that message.  From your earlier post, it sounds like you really are connecting to a different machine.  Either they need to replicate the same host key to each system (Leading to what complications I don't know), OR they actually may have been hacked and you are the reciepient of the man-in-the-middle attack (unlikely, but remotely posible as the error says).

-sp

On Tue, 08 January 2002, Ken Bloom wrote:

> 
> On second thought, I think that I'm getting the same IP each time, but different host keys
> each time, considering my errors, and considering that I have 'CheckHostIP no' set. Error is 
> included:
> 
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the DSA host key has just been changed.
> The fingerprint for the DSA key sent by the remote host is
> 97:fd:25:4a:1f:c3:b4:80:9e:e7:b1:7b:0b:d6:e3:ae.
> Please contact your system administrator.
> Add correct host key in /home/bloom/.ssh/known_hosts to get rid of this message.
> Offending key in /home/bloom/.ssh/known_hosts:4
> Password authentication is disabled to avoid man-in-the-middle attacks.
> Permission denied (publickey,password).
> 
> 
> There was much rejoicing when Ken Bloom <kabloom@ucdavis.edu> spoke thus:
> > The Electrical and Computer Engineering department has set up a system where, by connecting to 
> > the address snake.ece.ucdavis.edu, the department hands off connections to the least busy HP 
> > computer in their lab.  I was trying, today to use ssh to connect to these HP computers by 
> > SSH. The first try, (and some random tries after that), SSH would connect OK. Most other 
> > times, however, the remote computer would fail the test because I was being handed off to a 
> > different HP system.
> > 
> > I am currently trying to connect using a shell script I created named snake:
> > 
> > #! /bin/bash
> > cat > ~/.sshconfig << ENDOFCONFIG
> > StrictHostKeyChecking no
> > CheckHostIP no
> > ENDOFCONFIG
> > ssh -F ~/.sshconfig kabloom@snake.ece.ucdavis.edu
> > 
> > (neither of these configuration options seem to be doing the trick, even after I deleted the 
> > offending key from ~/.ssh/known_hosts)
> > 
> > Is there any way to make SSH ignore the tests that it uses to verify host authenticity when
> > I connect to snake.ece.ucdavis.edu? 
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech


_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.