Hmm, it's still not very clear to me what is happening, but the problem goes
away if I manually add my server's key to .ssh/known_hosts

cat ~/.ssh/known_hosts
server.acasa.com ecdsa-sha2-nistp256 AAAAE2V[...]

ssh user@*www*.acasa.com -o [...]
  ==> REMOTE HOST IDENTIFICATION HAS CHANGED

ssh user@*server*.acasa.com -o [...]
  ==> ok

Apparently, if it doesn't find an explicit key, it does pattern matching on
the domain/IP that corresponds to the proxy (in /etc/ssh/known_hosts).

Mihai




On Wed, Nov 6, 2019 at 3:55 PM Mihai Osian <mihai.os...@gmail.com> wrote:

>   Hi,
>
> At my workplace an HTTP proxy is used for outbound connections. In the
> browser the proxy is configured automatically and looks something like
>     http://pac.companyproxy.com:9512/proxy.pac
>
> My ambition is to connect with ssh to my computer at home. Reading
> howtos I arrived at the following formula:
>
>   ssh e...@acasa.com -o "ProxyCommand ~/bin/corkscrew pac.companyproxy.com
> 9512 www.acasa.com 22 ~/.ssh/auth"
>
> This "corkscrew" is a small program that connects to the proxy using
> HTTP and sends a username+password for authentication (specified in
> ~/.ssh/auth or in an environment variable). Running the line above I get
> this:
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> SHA256:OhXPy3SjwV3zei5RGwCaQ4zFIVYfDvl/B+WAuDiGQgw.
> Please contact your system administrator.
> Add correct host key in /auto/home/mih/.ssh/known_hosts to get rid of this
> message.
> Offending RSA key in /etc/ssh/ssh_known_hosts:627
> RSA host key for <acasa> has changed and you have requested strict
> checking.
> Host key verification failed.
>
> Line 627 of /etc/ssh/ssh_known_hosts looks like this:
> mih@dhws039: sed '627!d' /etc/ssh/ssh_known_hosts
> *,<proxy_ip_prefix>.* ssh-rsa AAAAB3Nza[...]
>
> If I run ssh with "-vv" I see this:
>   ssh -vv m...@acasa.com -o "ProxyCommand ~/bin/corkscrew
> pac.companyproxy.com 9512 www.acasa.com 22 ~/.ssh/auth"
>
> OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
> debug1: Reading configuration data /auto/home/mih/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 51: Applying options for *
> debug1: Executing proxy command: exec /auto/home/mih/bin/corkscrew
> pac.<proxy>.com 9512 <acasa> 22 /auto/home/mih/.ssh/auth
> debug1: permanently_drop_suid: 10336
> debug1: identity file /auto/home/mih/.ssh/id_rsa type 1
> debug1: key_load_public: No such file or directory
> [...]
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.4
>
> *debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
> debug1: match: OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420 pat OpenSSH_6.6.1* compat 0x04000000*
> debug1: Authenticating to acasa:22 as 'mike'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: curve25519-sha...@libssh.org
> debug1: kex: host key algorithm: ssh-rsa
> debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC:
> <implicit> compression: none
> debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC:
> <implicit> compression: none
> debug1: kex: curve25519-sha...@libssh.org need=64 dh_need=64
> debug1: kex: curve25519-sha...@libssh.org need=64 dh_need=64
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ssh-rsa
> SHA256:OhXPy3SjwV3zei5RGwCaQ4zFIVYfDvl/B+WAuDiGQgw
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> SHA256:OhXPy3SjwV3zei5RGwCaQ4zFIVYfDvl/B+WAuDiGQgw.
> Please contact your system administrator.
> Add correct host key in /auto/home/mih/.ssh/known_hosts to get rid of this
> message.
> Offending RSA key in /etc/ssh/ssh_known_hosts:627
> RSA host key for erebus has changed and you have requested strict checking.
> Host key verification failed.
> mih@dhws039:
>
> The underlined line above ("OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420") is
> the home server, so it gets that far, but then it goes off the rails.
> Also, run on its own from the command line, the little corkscrew program
> does its job:
>
> mih@dhws039: /auto/home/mih/bin/corkscrew <proxy> 9512 <acasa> 22
> /auto/home/mih/.ssh/auth
> SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
>
> Can someone clarify for me what is happening? How does ssh obtain its
> server keys, and why does it end up confusing them with the proxy's?
>
> Mihai
>
>
_______________________________________________
RLUG mailing list
RLUG@lists.lug.ro
http://lists.lug.ro/mailman/listinfo/rlug_lists.lug.ro
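
Added example, not part of the original messages: a simplified Python model of how a known_hosts host field (comma-separated patterns with `*`, `?` and `!` negation) is matched against the name given to ssh, showing that a wildcard line like the one quoted from /etc/ssh/ssh_known_hosts applies to www.acasa.com as well. The sample file content, the `10.1.` prefix and the key blobs are constructed placeholders, and the function names are this example's own.

```python
import re

# Constructed sample: a site-wide wildcard line like the one quoted from
# /etc/ssh/ssh_known_hosts in the thread, the hand-added entry, and one
# negated pattern. "10.1." and the key blobs are placeholders, not real data.
SAMPLE = """\
# constructed known_hosts content
*,10.1.* ssh-rsa AAAAB3Nza-PROXY-PLACEHOLDER
server.acasa.com ecdsa-sha2-nistp256 AAAAE2V-HOME-PLACEHOLDER
!*.acasa.com,*.com ssh-ed25519 AAAAC3Nza-OTHER-PLACEHOLDER
"""

def pattern_matches(pattern, host):
    """known_hosts patterns: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern.lower())
    return re.fullmatch(regex, host.lower(), re.S) is not None

def host_field_applies(field, host):
    """A comma-separated pattern list applies when at least one pattern
    matches and no '!pattern' matches (a negated match vetoes the line)."""
    hit = False
    for pat in field.split(","):
        if pat.startswith("!"):
            if pattern_matches(pat[1:], host):
                return False
        elif pattern_matches(pat, host):
            hit = True
    return hit

def entries_for(host, text):
    """(line_no, host_field, key_type, key_blob) for each plain-text line
    whose host field applies to host."""
    found = []
    for line_no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments, @marker lines and hashed ("|1|...") hosts,
        # which cannot be matched by pattern and are out of scope here.
        if len(parts) < 3 or parts[0][0] in "#@|":
            continue
        if host_field_applies(parts[0], host):
            found.append((line_no, parts[0], parts[1], parts[2]))
    return found

def split_by_key(host, offered_blob, text):
    """Line numbers carrying the offered key vs. a different key."""
    hits = entries_for(host, text)
    same = [n for n, _, _, blob in hits if blob == offered_blob]
    other = [n for n, _, _, blob in hits if blob != offered_blob]
    return same, other

if __name__ == "__main__":
    for name in ("www.acasa.com", "server.acasa.com"):
        print(name, [e[:3] for e in entries_for(name, SAMPLE)])
```

On a real system, `ssh-keygen -F www.acasa.com -f /etc/ssh/ssh_known_hosts` lists the entries that OpenSSH itself finds for a name.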