On Apr 28, 2016, at 3:15 AM, John R Pierce <pierce@xxxxxxxxxxxx> wrote:
>
> On 4/28/2016 2:09 AM, Andreas Benzler wrote:
>> ine-imac-andy:~ andy$ ssh -vvvandy@141.52.135.21
>
>
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.8
>> debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.8 pat OpenSSH_5* compat 0x0c000000
>
>
> thats not CentOS.
>
> are you sure you're connecting to the right address ?
Many of the other answers are ignoring this detail by simply recommending that the OP remove the offending line from known_hosts and try again. That’s an excellent way to get MITM’d!
When OpenSSH warns you that the remote host’s key is different from the one it saw before, you *must not ignore it* unless you know exactly why it changed.
Don’t guess! Verify.
How?
Log into the intended host over some trusted channel, then say:
for f in /etc/ssh/ssh_host_*_key ; do ssh-keygen -lf $f ; done
If none of those values exactly matches
SHA256:KIKE0V+Hm1UW4XtpTAVsl/7QWqJSVoQHfLnjj3vn/nM.
then OpenSSH is right to prevent your login. It means you aren’t connecting to the server you think you are. It might be a benign misconfiguration or it might be a MITM attempt.
This is potentially a game-over scenario. Don’t ignore it.
See also this article on the TOFU problem:
https://en.wikipedia.org/wiki/Trust_on_first_use
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
