ssh: remote host identification has changed...not really

Petter Adsen petter at synth.no
Fri Feb 27 09:13:08 UTC 2015


On Fri, 27 Feb 2015 09:00:14 +0000 (UTC)
Thufir <hawat.thufir at gmail.com> wrote:

> I'm getting the following warning:
> 
> 
> thufir at doge:~$ 
> thufir at doge:~$ ssh thufir at 192.168.1.2
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle 
> attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ECDSA key sent by the remote host is
> 59:51:45:14:9f:0b:43:a2:0c:80:ea:55:35:55:20:ce.
> Please contact your system administrator.
> Add correct host key in /home/thufir/.ssh/known_hosts to get rid of
> this message.
> Offending RSA key in /home/thufir/.ssh/known_hosts:9
>   remove with: ssh-keygen -f "/home/thufir/.ssh/known_hosts" -R 
> 192.168.1.2
> ECDSA host key for 192.168.1.2 has changed and you have requested
> strict checking.
> Host key verification failed.
> thufir at doge:~$ 
> 
> 
> but it's almost certainly erroneous.  I have two boxes, tleilax and
> doge on the LAN.  They use static ip addresses to keep everything
> simple for me (the router assigns ip addresses based on MAC address).
> 
> Both pc's are dual boot:  ubuntu and opensuse.
> 
> In this case, it's ubuntu to ubuntu, above.  The warning is due to 
> previous connections were to tleilax when tleilax was running
> opensuse.
> 
> 
> 
> I'd like to keep the FQDN for the boxes as they are.  On tleilax, 
> regardless of whether it's ubuntu or opensuse, it has the same fqdn.  
> After all, it can't run both os's concurrently!
> 
> 
> 
> Am I going to keep getting these warnings, each time I connect with a 
> different configuration?  The next time I connect from doge to
> tleilax, if tleilax is booted into opensuses, then I'll get a warning
> message!?
> 
> 
> I kind of like keeping the FQDN tied to, in a way, the MAC address --
> or at least the physical hardware.  Does this create problems,
> however?

Why not copy the host keys from one OS to the other, so that both OS's
on the same machine have the same host keys?

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20150227/29daab47/attachment-0001.pgp>


More information about the ubuntu-users mailing list