Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Just upgraded Solaris 8 to 9.
Now, when I try to ssh in from a linux box I am getting:
Quote:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn.
Please contact your system administrator.
Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message.
Offending key in /home/user1/.ssh/known_hosts:2
RSA host key for thisbox.thisdomain.com has changed and you have requested strict checking.
Host key verification failed.
(actual key and domain changed to protect the innocent. )
I am not familiar with the rsa key stuff.
I can't contact the admin, for I am he.
How do I: Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message.
Also, I see that it says: Offending key in /home/user1/.ssh/known_hosts:2
But I don't know what to do about it.
Originally posted by itsjustme Just upgraded Solaris 8 to 9.
Now, when I try to ssh in from a linux box I am getting:
(actual key and domain changed to protect the innocent. )
I am not familiar with the rsa key stuff.
I can't contact the admin, for I am he.
How do I: Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message.
Also, I see that it says: Offending key in /home/user1/.ssh/known_hosts:2
But I don't know what to do about it.
Thanks for any help.
Edit the file /home/user1/.ssh/known_host with your favorite editor and remove the key. The keys have the format of:
Delete the second one next time you log in with ssh it will ask you if you want to import the key for the unknown host say yes and it will import the key and work.
OK, the known_hosts file only had 2 lines, both for the same box, one by IP and one by domain name.
So, I simply renamed (as opposed to deleted, for now) the known_hosts file and tried again.
This time, along with a new known_hosts file, I get:
Quote:
[user1@linux user1]$ ssh thisbox.thisdomain.com -l root
The authenticity of host 'thisbox.thisdomain.com (nn.nn.nn.nn)' can't be established.
RSA key fingerprint is nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'thisbox.thisdomain.com,nn.nn.nn.nn' (RSA) to the list
of known hosts. root@thesolarisbox.thisdomain.com's password:
Permission denied, please try again. root@thesolarisbox.thisdomain.com's password:
I know the password is correct? What else do I need to do to get past this?
Originally posted by itsjustme OK, the known_hosts file only had 2 lines, both for the same box, one by IP and one by domain name.
So, I simply renamed (as opposed to deleted, for now) the known_hosts file and tried again.
This time, along with a new known_hosts file, I get:
I know the password is correct? What else do I need to do to get past this?
Thanks for the reply.
Well since you have strict host checking turned on you most likely have the no ROOT login turned on as well, try logining in as a normal user on the machine (you do have a normal user account on the box right?) then su to get to root which is the recommended way to do things anyway.
Actually, I don't have a user id on the machine. I am using root from a machine right next to the solaris box in the network closet. Other people do have accounts, and they aren't going to be able to ssh in until I find out how to resolve this issue. One guy has already reported that he can't ssh in from his windows machine.
Possibly, that strict restriction was set to 'no' before the upgrade and possibly I need to figure out how to turn that off. Or, it was set to be strict and then I have to figure out why I am getting the permission denied now.
Before the upgrade, this worked:
[user1@linux user1]$ ssh thisbox.thisdomain.com -l root
So, how do I get the above line to work again without a permission denied?
If I type in the root password 3 times, the third permission denied message looks like this:
Permission denied (publickey,password).
Is this now looking for something more than a password? If it is looking for a publickey entry of some sort to be typed in, then I need to turn that off, apparently, since I didn't get this before.
I found the /etc/ssh/sshd_config file and PermitRootLogin was set to no.
After I went into my local $HOME/.ssh/known_hosts and deleted the previous line for thesolarisbox.thisdomain.com, I set PermitRootLogin to yes and was able to log in. I am new to this and appreciate the input. I created myself another userid so I can set that back to no. The new user had no rsa key problems.
Now, I have a user who is trying to login from a Windows machine using ssh via SecureCRT. Something he did freely before the solaris upgrade. I believe he also got the big warning about host identification changing. Apparently he was able to do the windows equivalent of deleting the rsa line from the known_hosts file. (What is that by the way, if you know?) But, he is still unable to login. He still gets some RSA authentication error of some sort. I'll have to double check that tomorrow at the office.
Is there a method, or something, to follow to get ssh going after an upgrade changes things? Especially tasks to do for the current users, either from the ssh server machine or from each client machine, linux, Solaris, and Windows?
in my case, the windows user didn't do anything in their part, just redo the ssh again with the ssh client such putty and everything going smoothly.
Try it, there is nothing to lose.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.