Re: SSH mysteriously stops working
- From: Ken Fairfield <ken.fairfield@xxxxxxxxx>
- Date: Thu, 19 May 2011 13:33:02 -0700 (PDT)
On May 19, 8:55 am, hel...@xxxxxxxxxxxxxxxxxxxxxxxx (Phillip Helbig---
undress to reply) wrote:
In article <d949a$4dd4b9cb$82a13c9d$20...@xxxxxxxxxxxxxxxx>, JOUKJ
<jo...@xxxxxxxxxxxxxxxxxxxx> writes:
Did you also try with a "just-created" account which was not used for
ssh at all before the test?
Not yet. Maybe I'll have to. Here is the message I get when trying to
get in from outside. (Contrary to what I mentioned before, OUTGOING
access seems OK.)
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The DSA host key for multivax.de has changed,
and the key for the corresponding IP address 217.226.76.212
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/foobar/.ssh/known_hosts:5
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the DSA host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
f1:f2:2f:53:d5:cd:ae:3f:97:90:e5:01:21:33:d4:aa.
Please contact your system administrator.
Add correct host key in /home/foobar/.ssh/known_hosts to get rid of this
message.
Offending key in /home/foobar/.ssh/known_hosts:1
DSA host key for multivax.de has changed and you have requested strict
checking.
Host key verification failed.
Note that a) I have an IP address which changes usually once a day and
b) whatever node has the cluster IP address will respond to the incoming
request. Both the IP address and also the node with the cluster alias
have changed in the past. SSH probably wasn't meant for this sort of
setup. Could the problem be that the IP address and the cluster-alias
node changed at the same time?
When using a cluster alias, you really want all cluster members
to use the same host key. Under:
HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 3
on an hp AlphaServer GS1280 7/1300 running OpenVMS V8.3
the ssh hostkey is located in TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2],
where TCPIP$SSH_DEVICE defaults to SYS$SYSDEVICE.
IIRC, you have several system disks in your cluster. So you
really have two choices:
1) Reconfigure TCPIP$SSH_DEVICE to point to your
cluster-common disk (I don't know if this is supported
of feasible...);
2) Choose one "master" node, and copy its HOSTKEY. and
HOSTKEY.PUB to the other cluster members' ssh
directories.
Once the change is made, connecting from your various "outside"
systems will ask you to confirm the new hostkey (except for the
node that you copied from). Just confirm with a "yes" and get
on with your life. :-) [I think this is all that's needed; you may
need to copy the HOSTKEY.PUB to the outside system, but
I think the SSH protocol will do that for you if you confirm that
you want to connect.]
-Ken
.
- Follow-Ups:
- Re: SSH mysteriously stops working
- From: JOUKJ
- Re: SSH mysteriously stops working
- From: Jose Baars
- Re: SSH mysteriously stops working
- References:
- SSH mysteriously stops working
- From: Phillip Helbig---undress to reply
- Re: SSH mysteriously stops working
- From: JOUKJ
- Re: SSH mysteriously stops working
- From: Phillip Helbig---undress to reply
- SSH mysteriously stops working
- Prev by Date: Re: to upgrade or not to upgrade
- Next by Date: Re: SSH mysteriously stops working
- Previous by thread: Re: SSH mysteriously stops working
- Next by thread: Re: SSH mysteriously stops working
- Index(es):
Relevant Pages
|
