ISG News has posted a new item, 'New SSH Host Keys on Managed Linux Machines and
partial BackupPC outage'
After several years it was time to update the SSH host keys of our managed Linux
machines. Therefore, if you reconnect with SSH, you might get a warning similar
to this one:
ssh login.phys.ethz.ch
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
36:04:d8:3d:89:a2:76:19:ef:b6:f0:0a:f2:5c:81:a3.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending key in ~/.ssh/known_hosts:1
RSA host key for login.phys.ethz.ch has changed and you have requested strict
checking.
Host key verification failed.
This is because your computer has memorized the previous host key and is bailing
because the current one is different. This mechanism is designed to prevent
users from man-in-the-middle attacks. In our case it can be treated as a mere
notification that the SSH key has changed.
In order to get rid of this warning, you simply need to delete the old key from
your ~/.ssh/known_hosts file. This can be done either by deleting the entry
manually or with the following command
ssh-keygen -R login.phys.ethz.ch
for the machine you try to ssh into.
On the next SSH connection you will be prompted to accept the new key. Power
users may also download the full list of SSH keys of all our managed Linux
computers.
On a side note, one of our BackupPC servers is currently offline because of a
broken capacitor on the mainboard. Hosts connected to backuppc2.phys.ethz.ch
will not be able to make backups or restore files until the broken part has been
repaired.
You may view the latest post at
https://nic.phys.ethz.ch/news/2015/08/12/new-ssh-host-keys-on-managed-linux…
You received this e-mail because you asked to be notified when new updates are
posted.
Best regards,
Claude Becker
becker(a)phys.ethz.ch