[Nix-dev] Why did my SSH host keys change?

Alexander Zubkov green at msu.ru
Tue Aug 4 20:46:15 CEST 2015


It does not change. But a different key type is selected when connecting
to the server. In this case the ssh client shows that it is a "different" key.
You can see that the ED25519 key is selected, but in your known_hosts there
is an ECDSA key saved.

On 08/04/2015 09:32 PM, James Cook wrote:
> Over the past couple of weeks I updated two of my NixOS computers on
> the unstable branch. In each case, the SSH ED25519 key fingerprint
> changed, prompting the message below when I tried to ssh in from other
> computers. Any idea what could have caused this?
>
> (I verified manually that I'm probably not being MITMd, i.e. the newly
> presented key fingerprint matched /etc/ssh/ssh_host_ed25519_key.pub's
> fingerprint.)
>
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ED25519 key sent by the remote host is
> d0:fa:62:4e:78:90:53:1a:45:ea:d4:6a:09:ac:98:28.
> Please contact your system administrator.
> Add correct host key in /home/james/.ssh/known_hosts to get rid of this message.
> Offending ECDSA key in /home/james/.ssh/known_hosts:102
>    remove with: ssh-keygen -f "/home/james/.ssh/known_hosts" -R ostrich
> ED25519 host key for ostrich has changed and you have requested strict checking.
> Host key verification failed.
>
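The distinction drawn in the reply above, between a host that only has a key of another type stored in known_hosts and a host whose stored key of the offered type differs, can be checked directly against the file. This is an added example, not part of the original thread; the function names, the key blobs and the known_hosts content are constructed for illustration.

```python
import base64, hashlib, struct

def ssh_blob(*parts):
    """Base64 SSH wire encoding of length-prefixed strings (builds constructed keys)."""
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(raw).decode()

def blob_key_type(b64):
    """Algorithm name embedded at the start of a public key blob."""
    blob = base64.b64decode(b64)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def md5_fingerprint(b64):
    """Colon-separated MD5 fingerprint, the format shown in the warning above."""
    h = hashlib.md5(base64.b64decode(b64)).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def stored_keys(known_hosts, host):
    """(line_no, key_type, b64) for plain entries naming host.
    Comments, @markers and hashed (|1|...) host names are skipped."""
    out = []
    for no, line in enumerate(known_hosts.splitlines(), 1):
        f = line.split()
        if len(f) >= 3 and f[0][0] not in "#@|" and host in f[0].split(","):
            out.append((no, f[1], f[2]))
    return out

def classify(known_hosts, host, offered_b64):
    """Compare the key a server offers with what known_hosts holds for host."""
    offered_type = blob_key_type(offered_b64)
    entries = stored_keys(known_hosts, host)
    same = [e for e in entries if e[1] == offered_type]
    if any(e[2] == offered_b64 for e in same):
        return "match"
    if same:
        return "changed: stored %s key at line %d differs" % (offered_type, same[0][0])
    if entries:
        return "new type: only %s stored" % ", ".join(sorted({e[1] for e in entries}))
    return "unknown host"

# Constructed sample data: dummy key material, not real host keys.
ECDSA = ssh_blob(b"ecdsa-sha2-nistp256", b"nistp256", b"\x04" + b"\x11" * 64)
ED_OLD = ssh_blob(b"ssh-ed25519", b"\x22" * 32)
ED_NEW = ssh_blob(b"ssh-ed25519", b"\x33" * 32)
KNOWN_HOSTS = "# constructed\nostrich,192.0.2.10 ecdsa-sha2-nistp256 %s\n" % ECDSA

if __name__ == "__main__":
    print(classify(KNOWN_HOSTS, "ostrich", ED_NEW))
    print(md5_fingerprint(ED_NEW))
```

The offered blob is the second field of the server's `/etc/ssh/ssh_host_ed25519_key.pub`, read over a trusted channel, which is the same file the original poster compared fingerprints against.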


