Re: Centos hold me back from work - sshd ...bull

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I know how todo. I try it out tomorrow. But it’s the first time with this kind of problem
with a fresh installed centos 7.

Thanks 
Valeri.

> Am 28.04.2016 um 16:20 schrieb Valeri Galtsev <galtsev@xxxxxxxxxxxxxxxxx>:
> 
> 
> On Thu, April 28, 2016 8:56 am, mdubendris@xxxxxxxxx <mailto:mdubendris@xxxxxxxxx> wrote:
>> The problem is not with your installation of CentOS, it is with the
>> computer you are connecting from. Read the error log you pasted earlier,
>> it
>> tells you exactly what the problem is and how to remedy it:
>> 
>>> 
>>> Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this
>>> message.
>>> Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
>> 
>> 
>> Open up the file /Users/andy/.ssh/known_hosts and delete line 22.
>> 
> 
> (sorry if I repeat what someone already said - it is already long thread,
> and I'm reading my mail from latest messages to oldest...)
> 
> Usually host key (of remote machine) could change for the following reasons:
> 
> 1. benign reasons: remote machine system was reinstalled and/or ssh server
> keys were re-generated, or some machine was retired and different machine
> re-used its IP, or for some other reason, like changes in DNS, you are
> connecting to _different_ system that has same IP as the one you were
> connecting to in the past
> 
> In this case it is indeed safe to delete old known keys resembling this
> host (there may be more that one), then ssh to it and accept new key
> 
> 2. Bad reasons: remote machine is hijacked and host keys have changed. Or,
> as ssh error message says, it may be "man in the middle" attack. If some
> intermediate malicious machine is able to intercept your traffic, it can
> make encrypted ssh tunnel between source machine and itself, and between
> itself and destination machine, having all traffic in clear text on
> itself. The only thing that stops this "man in the middle" is you, as you
> are verifying the host key, and "man in the middle" can not use as host
> key the key of remote machine (he would need both secret and public key of
> the pair for that). This is how ssh is designed to ensure you are talking
> to the machine you think you are talking to.
> 
> If this is the case, you shouldn't continue, instead right thing to do is
> to first make sure that indeed the key of remote machine was changed by
> its admin. Calling remote machine's sysadmin would be right thing to do.
> 
> I hope, this helps.
> 
> Valeri
> 
> 
>> On Thu, Apr 28, 2016 at 2:31 AM, Andreas Benzler <andreas@xxxxxxxxxxxxx>
>> wrote:
>> 
>>> Same machine iMac for the last two weeks.
>>> 
>>> Can work on virtual box  Centos 7
>>> Usb drive installation Centos 7 works
>>> 
>>> Fresh installation not on this laptop.
>>> 
>>>> Am 28.04.2016 um 11:25 schrieb Earl A Ramirez
>>> <earlaramirez@xxxxxxxxx>:
>>>> 
>>>> On 28 Apr 2016 11:24, "Andreas Benzler" <andreas@xxxxxxxxxxxxx> wrote:
>>>>> 
>>>>> sure
>>>>>> Am 28.04.2016 um 11:16 schrieb Earl A Ramirez
>>> <earlaramirez@xxxxxxxxx
>>>> :
>>>>>> 
>>>>>> On 28 Apr 2016 11:11, "John R Pierce" <pierce@xxxxxxxxxxxx> wrote:
>>>>>>> 
>>>>>>> On 4/28/2016 2:02 AM, Andreas Benzler wrote:
>>>>>>>> 
>>>>>>>> what is wrong with the default sshd server.
>>>>>>>> 
>>>>>>>> after retry to connect sshd - key changed from known hosts????
>>>>>>> 
>>>>>>> 
>>>>>>> I've installed centos a LOT of times, versions 5, 6, and 7, and
>>> never
>>>> had
>>>>>> any issues with the built in sshd service, and a variety of clients,
>>>>>> including other linux ssh, putty and securecrt on windows, gui
>>> SCP/SFTP
>>>>>> utilties(they use sshd too), freebsd ssh, solaris ssh, aix ssh.
>>>>>>> 
>>>>>>> the "key changed from known_hosts" error happens if your client had
>>>>>> previously connected with  the same "user@hostname" on a previous
>>>>>> installation of the server OS with a different ssh_host_key
>>>>>>> 
>>>>>>> 
>>>>>>> you need to provide a lot more information if you expect a more
>>>> specific
>>>>>> answer from anyone, like what version of CentOS did you install,
>>> what
>>>>>> client software you're using to connect to it, any pertinent
>>> background
>>>>>> information like was this hostname previously used for a different
>>> OS
>>>>>> install, etc etc.
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> john r pierce, recycling bits in santa cruz
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> CentOS mailing list
>>>>>>> CentOS@xxxxxxxxxx
>>>>>>> https://lists.centos.org/mailman/listinfo/centos
>>>>>> 
>>>>>> You installed the server with the same IP, you need to remove the
>>> entry
>>>>>> from the known hosts, which is located in .ssh on the computer you
>>> are
>>>>>> trying to connect to.
>>>>>> _______________________________________________
>>>>>> CentOS mailing list
>>>>>> CentOS@xxxxxxxxxx
>>>>>> https://lists.centos.org/mailman/listinfo/centos
>>>>> 
>>>>> _______________________________________________
>>>>> CentOS mailing list
>>>>> CentOS@xxxxxxxxxx
>>>>> https://lists.centos.org/mailman/listinfo/centos
>>>> 
>>>> I meant the computer you are trying to connect from.
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS@xxxxxxxxxx
>>>> https://lists.centos.org/mailman/listinfo/centos
>>> 
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS@xxxxxxxxxx
>>> https://lists.centos.org/mailman/listinfo/centos
>>> 
>> _______________________________________________
>> CentOS mailing list
>> CentOS@xxxxxxxxxx
>> https://lists.centos.org/mailman/listinfo/centos
>> 
> 
> 
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx <mailto:CentOS@xxxxxxxxxx>
> https://lists.centos.org/mailman/listinfo/centos <https://lists.centos.org/mailman/listinfo/centos>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux