LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-24-2010, 07:49 AM   #1
pgte3
Member
 
Registered: Aug 2004
Posts: 62

Rep: Reputation: 15
sftp issue


Trying to sftp (get) a file, and am getting the following message:

spawn sftp -oPort=10022 jn000JN@sftp.section111.cms.hhs.gov
Connecting to sftp.section111.cms.hhs.gov...
The authenticity of host 'sftp.section111.cms.hhs.gov (204.76.173.42)' can't be established.
DSA key fingerprint is 66:64:07:cc:39:89:56:2b:3b:4c:fd:cc:3d:2a:7a:9c.
Are you sure you want to continue connecting (yes/no)?

Is this an issue with keys? Where are the keys on a sftp client stored? I am running this sftp script from a different directoy than normal if that matters.
 
Old 11-24-2010, 08:08 AM   #2
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978Reputation: 1978
This means that your local machine doesn't know about the fingerprint (DSA key) of the remote server. The ssh daemon asks if you trust the remote server and eventually import (add) the DSA key into the file $HOME/.ssh/known_hosts. This happens only the first time you try to connect to an unknown server, then you will never be prompted again unless:
  1. you remove the key from the known_hosts file
  2. the fingerprint of the remote server changes for some reason.
 
Old 11-24-2010, 08:11 AM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671
My guess is that PKI authentication isn't used, and the keys have been replaced on the server. The fingerprint from the server, doesn't match the information in your .ssh/known_hosts file. It could also be a man-in-the-middle attack. If the former is true, you could delete the line for this server in ~/.ssh/known_hosts. If the latter, it isn't save to proceed.
 
Old 11-24-2010, 09:07 AM   #4
pgte3
Member
 
Registered: Aug 2004
Posts: 62

Original Poster
Rep: Reputation: 15
Thanks for the response colucix. Once I replied "yes" to the message, an entry was made $HOME/.ssh/known_hosts file. A sftp after that I was not prompted again. A change in the key on the server side at this point would probably cause a prompt message again I assume.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] SFTP file upload bash script issue. moodah Programming 1 10-07-2010 10:55 PM
[SOLVED] sftp issue c0pe Red Hat 3 07-12-2010 09:02 AM
Sftp log issue on RHEL 4 ZAMO Linux - Enterprise 3 03-10-2010 11:32 AM
sftp issue on rhel 5.4 protos78 Red Hat 12 01-12-2010 02:47 PM
How do I use sftp to upload my web site? (no sftp tar command) johnMG Linux - Networking 6 06-21-2005 09:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration