On Tue, Sep 23, 2014 at 04:45:50PM -0400, shawn wilson wrote: > On Tue, Sep 23, 2014 at 10:20 AM, Keith Lawson <ke...@nowhere.ca> wrote: > > Hello, > > > > I'm running jessie on my laptop and after doing a dist-upgrade yesterday I'm > > getting SSH host key errors for a bunch of servers I've been connecting to > > for years: > > > > IDK this has anything to do with the problem you're seeing (unless you > have something wacky with your ~/.ssh - like it symlinked to /etc/ssh > or something). So, I'll just go on the assumption that this is > coincidence... > > > The authenticity of host 'blah' can't be established. > > RSA key fingerprint is e8:08:db:b0:e7:38:57:d4:82:a8:a4:1c:42:f0:25:09. > > Are you sure you want to continue connecting (yes/no)? > > > > The host keys are in ~/.ssh/known_hosts and haven't changed on the server > > side. Looking at the openssl, openssh-server and openssh-client change logs > > I don't see anything that would explain this behavior. Is anyone aware of > > any changes in openssh-client in jessie that would cause certain server keys > > that were previously working to be invalid? > > > > The host keys are in known_hosts, but are the proper keys (the one you > listed above - see ssh-keygen -lf /etc/ssh/ssh/ssh_host_rsa_key.puh on > the server) listed there? Does your user own the file and is it mod > 660 or less? Are you logging into the server you think you are (did > you typo an ip in your ssh_config or is someone mitm you)? > >
Gah. So I'm way overthinking the problem. Found my issue: $ ls -ltrh total 184K -rwxr-xr-x 1 keith keith 393 Sep 2 11:05 id_rsa.pub -rw------- 1 keith keith 1.8K Sep 2 11:05 id_rsa -rw------- 1 keith keith 142K Sep 19 09:47 known_hosts.old -rw-r--r-- 1 keith keith 11K Sep 24 10:10 known_hosts $ cat known_hosts|wc 31 93 11034 $ cat known_hosts.old |wc 449 1347 145230 So now my question becomes what creates known_hosts.old? In my experience I've only seen ssh-keygen -R do that when it backs up known_hosts. This is starting to feel like user error. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140924151209.ga20...@nowhere.ca