Hi,
Thanks.
Our admin wrote me after I contacted him. He says they changed the server
early this morning. I dare say then that our guess may be correct.
He is going to work on the key at his end though.
I am not using Debian in any form so cannot update my ssh telnet client
that way.
My guess based on your wisdom though is that my client is using the old
sheet music for instead of the new arrangement.
I do feel better knowing the server was changed.
Kare
On Tue, 17 Mar 2015, Darac Marjal wrote:
On Tue, Mar 17, 2015 at 11:09:40AM -0400, Karen Lewellen wrote:
Hi,
Sorry this is done in a hurry because now the only way I can reach my inbox
is via dial up and unsecured TELNET.
Yesterday afternoon the admin for shellworld sent me a warning to change
both of my passwords, which i did.
This morning I find I cannot ssh TELNET into shellworld, or my own site at
all.
The error is that there he dsa key exchange has failed with the remote host
closing the connexion, closed by peer.
"Key Exchange Failed" probably means that your client and server
couldn't agree on a set of parameters to authenticate each others keys.
At a guess, I'd say that shellworld have changed the parameters of their
server to be more secure, but your client doesn't know how to use those
parameters. In that case, update your SSH client to the latest version
(for debian, that's probably openssh 1:6.6p1-4~bpo70+1 from backports or
newer).
my own provider is fine, I can ssh TELNET elsewhere.
But the dsa key here is now altered in a way likely unplanned by shellworld.
More thoughts?
Thanks for the wisdom!
And sorry for the mess.
Kare
On Mon, 16 Mar 2015, Darac Marjal wrote:
On Mon, Mar 16, 2015 at 11:42:50AM -0400, Karen Lewellen wrote:
Hi all,
Going to ask about this on other lists, but thought I would check here.
I use a shell service called shellworld.
www.shellworld.net
they also host my domain karenlewellen.com
One of the many advantages is that I can ssh -l between both workspaces for
tasks.
However when I tried doing this a few moments ago,
ssh -l karen karenlewellen.com
I got the message,
warning permanently added to the dsa key for ip address <address stated
correctly> for karenlewellen.com
It then asked for my password as normal.
I did not complete this ssh because of the warning.
should I be concerned about the warning added to the shellworld ip address?
the ip was stated correctly, I recognize it from other uses.
I suspect the warning you got was "Permanently added 'karenlewellen.com'
(RSA) to the list of known hosts".
The typical sequence of events is that, when you connect to a machine,
SSH establishes a connnection and both sides exchange keys. You
authenticate to the server, but also the server authenticates itself to
you. The first time you connect, the key the server presents will be
unknown so you get a message like:
The authenticity of host 'penguin.example.net' can't be established.
DSA key fingerprint is 94:68:3a:3a:bc:f3:9a:9b:01:5d:b3:07:38:e2:11:0c.
Are you sure you want to continue connecting (yes/no)?
If you answer yes here, the key is cached (in ~/.ssh/known_hosts) and
you get the message:
Warning: Permanently added 'penguin.example.net' (RSA) to the list of
known hosts.
Now, if the key on the remote hosts changes (either because you
regenerated the host key on the server, or because you're connecting to
a different host - possibly not to your knowledge), then you get a big
warning saying
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
However - and this is the part I'm not too sure on - if you connect to a
different host and receive a key you already know (for example, if the
host changes IP address), then I think SSH will do what you've seen:
warn you that it's using a key that you already trust to connect to a
different machine. This is only a warning. The chance of somebody being
able to reproduce your host key on a different machine are considered
slim.
In summary, your remote host's IP may have changed.
Thanks,
Karen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject
of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/pine.bsf.4.64.1503161133300.68...@server1.shellworld.net
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject
of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/pine.bsf.4.64.1503171103180.69...@server1.shellworld.net
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/pine.bsf.4.64.1503171214100.76...@server1.shellworld.net
