Thread: SSH failure when connecting to another machine via X
View Single Post
  #2   (View Single Post)  
Old 26th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
  
Join Date: May 2008
Location: USA
Posts: 7,983
Default
Quote:
Originally Posted by daemonfowl View Post
Thanks jggimi ! I still can't log in on to X ..
You have not bothered to show this failed connection to 192.168.1.3, leaving me to wonder what you mean by "can't log in on to X".

Instead, you hijacked your own thread to discuss a new, unrelated problem connecting to your 192.168.1.2 machine. I'll ask an admin to split this thread for you again.

Let's read the error message you received, together. I'm going to break it up into separate lines, so that it is easier to read, and break it up into separate code boxes, for discussion.

Here's the first part of the message. Note the highlighted text:
Code:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! 
Someone could be eavesdropping on you right now 
(man-in-the-middle attack)! It is also possible that a host 
key has just been changed.
Now, let's read this section of the ssh(1) man page, and the text I've highlighted:
Code:
     ssh automatically maintains and checks a database containing
     identification for all hosts it has ever been used with.  Host keys are
     stored in ~/.ssh/known_hosts in the user's home directory.  Additionally,
     the file /etc/ssh/ssh_known_hosts is automatically checked for known
     hosts.  Any new hosts are automatically added to the user's file.  If a
     host's identification ever changes, ssh warns about this and disables
     password authentication to prevent server spoofing or man-in-the-middle
     attacks, which could otherwise be used to circumvent the encryption.  The
     StrictHostKeyChecking option can be used to control logins to machines
     whose host key is not known or has changed.
The first time OpenBSD boots after install, it spends some time building host keys for all its standard network host services. If you re-install OpenBSD, new keys will be created.

The ssh(1) program has prevented connection, because you previously told it to store a different host key for the computer at 192.168.1.2.

Now let's read the rest of that message from ssh(1). Note my highlights:
Code:
The fingerprint for the RSA key sent by the remote host is 
dd:e1:66:35:41:4f:80:3c:d8:9b:4d:39:9b:46:77:55. Please 
contact your system administrator. Add correct host key in 
/home/nyx/.ssh/known_hosts to get rid of this message. 
Offending RSA key in /home/nyx/.ssh/known_hosts:2 RSA host 
key for 192.168.1.2 has changed and you have requested 
strict checking. Host key verification failed.
Last edited by jggimi; 26th July 2012 at 07:55 PM. Reason: clarity
Reply With Quote