16.04: No ECDSA host key is known for XXXXX and you have requested strict checking.

Tom H tomh0665 at gmail.com
Mon Jul 25 20:46:42 UTC 2016


On Sun, Jul 24, 2016 at 4:50 PM, Josef Wolf <jw at raven.inka.de> wrote:
> On Sun, Jul 24, 2016 at 04:37:50PM -0400, Tom H wrote:
>> On Sun, Jul 24, 2016 at 5:21 AM, Josef Wolf <jw at raven.inka.de> wrote:
>>>
>>> when connecting from machines with older ssh releases, I get the error
>>> mentioned in the subject.
>>>
>>> I have abandoned DSA keys because they can easily be compromised. ECDSA is
>>> said to have similar weaknesses as DSA.
>>>
>>> I understand that ec25519 is too new for older clients. But why won't they fall
>>> back to the RSA key that is also available?
>>
>> Don't you need both keys in known_hosts for a fallback?
>>
>> Get the public keys with "ssh-keyscan old-server-ip-address" and add
>> the one that you want to use to "~/.ssh/known_hosts"
>
> I HAVE both keys in known_hosts. But it seems to ignore the rsa key. The
> ec25519 is not supported by old ssh versions. Instead of falling back to RSA,
> ssh errors out with "no ECDSA key known"

Can you copy the key that you want to use to "~/.ssh/old" and

run
  ssh -o "UserKnownHostsFile=~/.ssh/old" server-ip-address

or

create
  cat ~/.ssh/config
  Host server-ip-address
    UserKnownHostsFile ~/.ssh/old
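
Added example, not part of the original post: one way to build the separate known-hosts file suggested above so that it holds only the already-trusted RSA entry for the server. The function names are hypothetical, and it assumes unhashed host names in known_hosts (hashed entries are skipped).

```sh
#!/bin/sh
# Added example: copy only one key type for one host out of an existing
# known_hosts file. Assumes plain (unhashed) host names; hashed "|1|..."
# entries cannot be matched by name here (use "ssh-keygen -F host" for those).

# extract_host_key FILE HOST KEYTYPE -> prints the matching known_hosts lines
extract_host_key() {
    awk -v host="$2" -v ktype="$3" '
        NF == 0 { next }                        # blank line
        {
            c = substr($1, 1, 1)
            # skip comments, @cert-authority/@revoked markers, hashed names
            if (c == "#" || c == "@" || c == "|") next
            if ($2 != ktype) next               # wrong key algorithm
            n = split($1, names, ",")           # field 1 is a comma-separated host list
            for (i = 1; i <= n; i++)
                if (names[i] == host) { print; next }
        }
    ' "$1"
}

# write_pinned_file FILE HOST KEYTYPE OUT
# Writes OUT only if a matching key exists, so a missing key fails loudly
# instead of leaving an empty file that would prompt for a new, unverified key.
write_pinned_file() {
    tmp="$4.tmp.$$"
    extract_host_key "$1" "$2" "$3" > "$tmp"
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no $3 key for $2 in $1" >&2
        return 1
    fi
    chmod 600 "$tmp" && mv "$tmp" "$4"
}

# Usage with the paths from the post:
#   write_pinned_file ~/.ssh/known_hosts server-ip-address ssh-rsa ~/.ssh/old
```

Because the entry is copied from a known_hosts file that was already trusted, strict host key checking can stay enabled for the connection.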



