LinuxQuestions.org
Old 11-04-2003, 11:51 AM   #1
itsjustme
Senior Member
 
Registered: Mar 2003
Location: Earth
Distribution: Slackware, Ubuntu, Smoothwall
Posts: 1,571

Rep: Reputation: 47
ssh rsa key changed after upgrade


Just upgraded Solaris 8 to 9.
Now, when I try to ssh in from a linux box I am getting:
Quote:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn.
Please contact your system administrator.
Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message.
Offending key in /home/user1/.ssh/known_hosts:2
RSA host key for thisbox.thisdomain.com has changed and you have requested strict checking.
Host key verification failed.
(actual key and domain changed to protect the innocent. )

I am not familiar with the rsa key stuff.
I can't contact the admin, for I am he.
How do I: Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message.

Also, I see that it says: Offending key in /home/user1/.ssh/known_hosts:2
But I don't know what to do about it.

Thanks for any help.

Last edited by itsjustme; 11-04-2003 at 11:53 AM.
 
Old 11-04-2003, 12:21 PM   #2
HappyTux
Senior Member
 
Registered: Mar 2003
Location: Nova Scotia, Canada
Distribution: Debian AMD64
Posts: 4,170

Rep: Reputation: 244
Re: ssh rsa key changed after upgrade

Quote:
Originally posted by itsjustme
Just upgraded Solaris 8 to 9.
Now, when I try to ssh in from a linux box I am getting:

(actual key and domain changed to protect the innocent. )

I am not familiar with the rsa key stuff.
I can't contact the admin, for I am he.
How do I: Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message.

Also, I see that it says: Offending key in /home/user1/.ssh/known_hosts:2
But I don't know what to do about it.

Thanks for any help.
Edit the file /home/user1/.ssh/known_hosts with your favorite editor and remove the key. The keys have the format of:

Code:
192.168.0.1 ssh-rsa DFASDFhuiorj0fladsfkljlkjdsfknjasGDSGKirotmasdf#$%9sfnn
fjklasjfosafjoiweruwqejr......
Delete the second one. Next time you log in with ssh it will ask you if you want to import the key for the unknown host; say yes and it will import the key and work.
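An added example, not part of any post in this thread: it removes the stale entries for one host from a plain-text known_hosts file and checks the key the server now offers against a fingerprint read on the server's own console before that key is trusted. The key blobs, the address 192.0.2.10 and the function names are constructed for illustration; the nn:nn:... form in the warning quoted above is the colon-separated MD5 of the decoded key blob, while current OpenSSH prints SHA256 fingerprints by default.

```python
import base64
import hashlib

def md5_fingerprint(key_b64):
    """Colon-separated MD5 of the decoded key blob (the nn:nn:... form ssh prints)."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def drop_host(known_hosts_text, names):
    """Split plain-text known_hosts into (remaining_text, removed_entries).

    An entry is removed when any name in its comma-separated host field is in
    `names`. Hashed host fields ("|1|...") cannot be matched by name and are kept.
    """
    wanted = set(names)
    kept, removed = [], []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        is_entry = len(fields) >= 3 and not fields[0].startswith("#")
        if is_entry and wanted & set(fields[0].split(",")):
            removed.append((fields[0], fields[1], md5_fingerprint(fields[2])))
        else:
            kept.append(line)
    return "".join(entry + "\n" for entry in kept), removed

def matches_console(offered_key_b64, console_fingerprint):
    """True only if the key the server offers has the fingerprint read on its console."""
    return md5_fingerprint(offered_key_b64) == console_fingerprint.strip().lower()

# Constructed stand-ins for key blobs; not real host keys.
OLD_KEY = base64.b64encode(b"constructed pre-upgrade host key").decode()
NEW_KEY = base64.b64encode(b"constructed post-upgrade host key").decode()
OTHER_KEY = base64.b64encode(b"constructed unrelated host key").decode()

# Constructed known_hosts: the upgraded box by name and by IP, plus another host.
SAMPLE = (
    f"thisbox.thisdomain.com ssh-rsa {OLD_KEY}\n"
    f"192.0.2.10 ssh-rsa {OLD_KEY}\n"
    f"other.example.org ssh-rsa {OTHER_KEY}\n"
)

if __name__ == "__main__":
    remaining, removed = drop_host(SAMPLE, ["thisbox.thisdomain.com", "192.0.2.10"])
    for hosts, keytype, fp in removed:
        print(f"removed {hosts} {keytype} {fp}")
    console_fp = md5_fingerprint(NEW_KEY)  # stands in for the value read on the server
    print("accept new key:", matches_console(NEW_KEY, console_fp))
    print("accept old key:", matches_console(OLD_KEY, console_fp))
```

On the server side the reference fingerprint comes from running `ssh-keygen -l` against the host's public key file while logged in at the console, so the comparison does not depend on the network path being checked.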
 
Old 11-04-2003, 12:39 PM   #3
itsjustme
Senior Member
 
Registered: Mar 2003
Location: Earth
Distribution: Slackware, Ubuntu, Smoothwall
Posts: 1,571

Original Poster
Rep: Reputation: 47
OK, the known_hosts file only had 2 lines, both for the same box, one by IP and one by domain name.
So, I simply renamed (as opposed to deleted, for now) the known_hosts file and tried again.
This time, along with a new known_hosts file, I get:
Quote:
[user1@linux user1]$ ssh thisbox.thisdomain.com -l root
The authenticity of host 'thisbox.thisdomain.com (nn.nn.nn.nn)' can't be established.
RSA key fingerprint is nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn:nn.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'thisbox.thisdomain.com,nn.nn.nn.nn' (RSA) to the list
of known hosts.
root@thesolarisbox.thisdomain.com's password:
Permission denied, please try again.
root@thesolarisbox.thisdomain.com's password:
I know the password is correct? What else do I need to do to get past this?

Thanks for the reply.
 
Old 11-04-2003, 01:05 PM   #4
HappyTux
Senior Member
 
Registered: Mar 2003
Location: Nova Scotia, Canada
Distribution: Debian AMD64
Posts: 4,170

Rep: Reputation: 244
Quote:
Originally posted by itsjustme
OK, the known_hosts file only had 2 lines, both for the same box, one by IP and one by domain name.
So, I simply renamed (as opposed to deleted, for now) the known_hosts file and tried again.
This time, along with a new known_hosts file, I get:


I know the password is correct? What else do I need to do to get past this?

Thanks for the reply.
Well, since you have strict host checking turned on you most likely have the no ROOT login turned on as well. Try logging in as a normal user on the machine (you do have a normal user account on the box, right?) then su to get to root, which is the recommended way to do things anyway.
 
Old 11-04-2003, 02:10 PM   #5
itsjustme
Senior Member
 
Registered: Mar 2003
Location: Earth
Distribution: Slackware, Ubuntu, Smoothwall
Posts: 1,571

Original Poster
Rep: Reputation: 47
Actually, I don't have a user id on the machine. I am using root from a machine right next to the solaris box in the network closet. Other people do have accounts, and they aren't going to be able to ssh in until I find out how to resolve this issue. One guy has already reported that he can't ssh in from his windows machine.

Possibly, that strict restriction was set to 'no' before the upgrade and possibly I need to figure out how to turn that off. Or, it was set to be strict and then I have to figure out why I am getting the permission denied now.
Before the upgrade, this worked:
[user1@linux user1]$ ssh thisbox.thisdomain.com -l root

So, how do I get the above line to work again without a permission denied?

Thanks!
 
Old 11-04-2003, 03:29 PM   #6
itsjustme
Senior Member
 
Registered: Mar 2003
Location: Earth
Distribution: Slackware, Ubuntu, Smoothwall
Posts: 1,571

Original Poster
Rep: Reputation: 47
If I type in the root password 3 times, the third permission denied message looks like this:

Permission denied (publickey,password).

Is this now looking for something more than a password? If it is looking for a publickey entry of some sort to be typed in, then I need to turn that off, apparently, since I didn't get this before.

Right? Wrong?

Thanks..
 
Old 11-04-2003, 07:56 PM   #7
itsjustme
Senior Member
 
Registered: Mar 2003
Location: Earth
Distribution: Slackware, Ubuntu, Smoothwall
Posts: 1,571

Original Poster
Rep: Reputation: 47
I found the /etc/ssh/sshd_config file and PermitRootLogin was set to no.
After I went into my local $HOME/.ssh/known_hosts and deleted the previous line for thesolarisbox.thisdomain.com, I set PermitRootLogin to yes and was able to log in. I am new to this and appreciate the input. I created myself another userid so I can set that back to no. The new user had no rsa key problems.

Now, I have a user who is trying to login from a Windows machine using ssh via SecureCRT. Something he did freely before the solaris upgrade. I believe he also got the big warning about host identification changing. Apparently he was able to do the windows equivalent of deleting the rsa line from the known_hosts file. (What is that by the way, if you know?) But, he is still unable to login. He still gets some RSA authentication error of some sort. I'll have to double check that tomorrow at the office.
Is there a method, or something, to follow to get ssh going after an upgrade changes things? Especially tasks to do for the current users, either from the ssh server machine or from each client machine, linux, Solaris, and Windows?

Thanks...
 
Old 11-04-2003, 09:01 PM   #8
joseph
Member
 
Registered: Jun 2003
Location: Batam
Distribution: Ubuntu 10 And Linux Mint
Posts: 414

Rep: Reputation: 30
This is what I do when the ssh key has changed:
vi known_host2, delete the file content, save it and leave it empty.
Do the ssh again.
 
Old 11-04-2003, 09:08 PM   #9
itsjustme
Senior Member
 
Registered: Mar 2003
Location: Earth
Distribution: Slackware, Ubuntu, Smoothwall
Posts: 1,571

Original Poster
Rep: Reputation: 47
Yeah, I did the modification to known_hosts on my linux box, as I stated in my post.

I need to know what a windows user, using SecureCRT, or some other ssh client app, needs to do.
 
Old 11-04-2003, 09:11 PM   #10
joseph
Member
 
Registered: Jun 2003
Location: Batam
Distribution: Ubuntu 10 And Linux Mint
Posts: 414

Rep: Reputation: 30
In my case, the windows user didn't do anything in their part, just redo the ssh again with the ssh client such as putty and everything goes smoothly.
Try it, there is nothing to lose.
 
Old 11-05-2003, 09:27 AM   #11
itsjustme
Senior Member
 
Registered: Mar 2003
Location: Earth
Distribution: Slackware, Ubuntu, Smoothwall
Posts: 1,571

Original Poster
Rep: Reputation: 47
Quote:
the windows user didn't do anything in their part
Well, I'm happy for them.

Anybody else have some ideas regarding this ssh issue for me?

Thanks.
 
Old 11-06-2003, 09:12 AM   #12
itsjustme
Senior Member
 
Registered: Mar 2003
Location: Earth
Distribution: Slackware, Ubuntu, Smoothwall
Posts: 1,571

Original Poster
Rep: Reputation: 47
Ok, the windows user deleted his local profile and now he is able to ssh back in with a newly created profile.
 
  


All times are GMT -5. The time now is 10:07 PM.
