hydraMax 04-02-2011 12:33 AM

SSH: ECDSA / RSA conflict?
I've used ssh for a long time, but recently I set up a new server on my LAN. Often when I try to connect to it I get a message like so:


Warning: the ECDSA host key for '<snip>' differs from the key for the IP address '<snip>'
Offending key for IP in /home/<snip>/.ssh/known_hosts:14
Matching host key in /home/<snip>/.ssh/known_hosts:12
Are you sure you want to continue connecting (yes/no)?

What is weird is that, in the known_hosts file, the entry for the IP address (line 14) is an "ssh-rsa" type, but the entry for the hostname is an "ecdsa-sha2-nistp256", even though they both connect to the same server. What is going on here?

unSpawn 04-02-2011 07:07 PM

The release ( says "ssh(1): automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. This avoids hostkey warnings when connecting to servers with new ECDSA keys, since these are now preferred when learning hostkeys for the first time" so that may be confusing things here. Since you know the key change is legitimate (right?) remove the old key and use 'ssh-keyscan' to re-learn keys for your known_hosts file?
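
Added example, not part of either post above: a small Python check that lists which key types known_hosts records for a hostname and for its IP address, so the mismatch behind the warning is visible before any entry is removed. The host name, IP address and key blobs are constructed placeholders; hashed (`|1|`) host fields are handled, wildcard patterns are not.

```python
import base64, hashlib, hmac

# Constructed sample: same server recorded by name and by IP with different key types.
SAMPLE = "\n".join([
    "# constructed known_hosts excerpt, key blobs are placeholders",
    "server.example ecdsa-sha2-nistp256 AAAAE2VjZHNh-CONSTRUCTED",
    "192.0.2.10 ssh-rsa AAAAB3NzaC1y-CONSTRUCTED",
])

def host_matches(field, host):
    """True if a known_hosts host field (plain list or |1| hashed) names host."""
    if field.startswith("|1|"):
        # HashKnownHosts format: |1|base64(salt)|base64(HMAC-SHA1(salt, host))
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    return host in field.split(",")  # wildcard and negated patterns not handled

def recorded_keys(text, host):
    """Return {key_type: (line_number, key_blob)} for entries naming host."""
    found = {}
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host_matches(fields[0], host):
            found[fields[1]] = (line_no, fields[2])
    return found

def compare(text, name, ip):
    """Report key types where the hostname and IP entries disagree."""
    by_name, by_ip = recorded_keys(text, name), recorded_keys(text, ip)
    report = []
    for ktype in sorted(set(by_name) | set(by_ip)):
        n, i = by_name.get(ktype), by_ip.get(ktype)
        if n and i and n[1] == i[1]:
            continue  # consistent, nothing to report
        status = "key differs" if n and i else ("hostname only" if n else "IP only")
        report.append((ktype, status, n[0] if n else None, i[0] if i else None))
    return report

if __name__ == "__main__":
    for row in compare(SAMPLE, "server.example", "192.0.2.10"):
        print(row)
```

Each row gives the key type, the kind of disagreement, and the known_hosts line numbers for the hostname and IP entries. Once the server's fingerprint has been confirmed, the stale entry can be dropped with `ssh-keygen -R` and re-learned with `ssh-keyscan` as the reply suggests.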

