Ssh Connection in Suse Linux
 

Hi Guys,

I am new to Linux,
In Suse Linux , I am unable to SSH, I tried sshroot@10.0.0.1, I get an error in my console as below.Please give me the step by step procedure to fix the problem.

I get an error in my console as

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
3b:97:34:33:2b:31:b5:e7:cd:5e:8c:a4:43:2d:29:b7.
Please contact your system administrator.
Add correct host key in /home/db/.ssh/known_hosts to get rid of this message.
Offending key in /home/db/.ssh/known_hosts:17
RSA host key for 10.0.0.1 has changed and you have requested strict checking.
Host key verification failed.

Are root logins to ssh enabled on the machine??

Check the sshd config... (don't post the whole thing here, as it would ID the port assigned to ssh logins).

You probably DON'T want to ssh as root, but ssh as a regular user and get root by su'ing or (better yet) using sudo. Getting root logins on a server is poor security procedure. You should also consider changing the port from the default 22 to something in the 50000+ range, if you haven't already. Doing that won't make you immune to attack, but it should help keep out the common script kiddies and the bots they use.

By the way, ... The above message indicates that the keys don't match,... and it tells you what to look at...

Hi Buddy,
I cant able to ssh in any of the user,
What Can I do??

Follow up;


I'm not a SuSE user,... Not since about 2004, anyway... but found this helpful guide;
http://en.opensuse.org/SDB:Configure_openSSH

Check that out...

As I can see the output, login using simple password will not possible on this machine, but will be possible using "passphrase"
For that you'll need to generate your ssh keys using:
# ssh-keygen -t rsa
This will generate two files id_rsa.pub and id_rsa.
Now, this needs to be copied to the authorized_keys file on server you're accessing.
Copy the file to the remote server server_rsa.pub and then append the contents to authorized_keys as follows. This will allow the existing authroized_keys from being wiped off.
# scp id_rsa.pub serverB:~/.ssh/serverA_rsa.pub
# cat serverA_rsa.pub >> authorized_keys

Further, first read the following document: http://en.wikipedia.org/wiki/Ssh-keygen

It means that you've either connected to another computer with the same IP address before, the remote computer has been reinstalled, or for some other reason, the public key of the remote computer has changed.

Just edit ~/.ssh/known_hosts with a text editor of your choice and remove the line starting with '10.0.0.1'

When you try to ssh afterwards, you should get a prompt to accept the new public key.