mdubendris at gmail.com
2016-Apr-28 13:56 UTC
[CentOS] Centos hold me back from work - sshd ...bull
The problem is not with your installation of CentOS, it is with the computer you are connecting from. Read the error log you pasted earlier, it tells you exactly what the problem is and how to remedy it:

> Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this
> message.
> Offending ECDSA key in /Users/andy/.ssh/known_hosts:22

Open up the file /Users/andy/.ssh/known_hosts and delete line 22.

On Thu, Apr 28, 2016 at 2:31 AM, Andreas Benzler <andreas at benzlerweb.de> wrote:

> Same machine iMac for the last two weeks.
>
> Can work on virtual box Centos 7
> Usb drive installation Centos 7 works
>
> Fresh installation not on this laptop.
>
> > On 28.04.2016 at 11:25, Earl A Ramirez <earlaramirez at gmail.com> wrote:
> >
> > On 28 Apr 2016 11:24, "Andreas Benzler" <andreas at benzlerweb.de> wrote:
> >>
> >> sure
> >>> On 28.04.2016 at 11:16, Earl A Ramirez <earlaramirez at gmail.com> wrote:
> >>>
> >>> On 28 Apr 2016 11:11, "John R Pierce" <pierce at hogranch.com> wrote:
> >>>>
> >>>> On 4/28/2016 2:02 AM, Andreas Benzler wrote:
> >>>>>
> >>>>> what is wrong with the default sshd server.
> >>>>>
> >>>>> after retry to connect sshd - key changed from known hosts????
> >>>>
> >>>> I've installed centos a LOT of times, versions 5, 6, and 7, and never
> >>>> had any issues with the built in sshd service, and a variety of clients,
> >>>> including other linux ssh, putty and securecrt on windows, gui SCP/SFTP
> >>>> utilities (they use sshd too), freebsd ssh, solaris ssh, aix ssh.
> >>>>
> >>>> the "key changed from known_hosts" error happens if your client had
> >>>> previously connected with the same "user at hostname" on a previous
> >>>> installation of the server OS with a different ssh_host_key
> >>>>
> >>>> you need to provide a lot more information if you expect a more specific
> >>>> answer from anyone, like what version of CentOS did you install, what
> >>>> client software you're using to connect to it, any pertinent background
> >>>> information like was this hostname previously used for a different OS
> >>>> install, etc etc.
> >>>>
> >>>> --
> >>>> john r pierce, recycling bits in santa cruz
> >>>>
> >>>> _______________________________________________
> >>>> CentOS mailing list
> >>>> CentOS at centos.org
> >>>> https://lists.centos.org/mailman/listinfo/centos
> >>>
> >>> You installed the server with the same IP, you need to remove the entry
> >>> from the known hosts, which is located in .ssh on the computer you are
> >>> trying to connect to.
> >
> > I meant the computer you are trying to connect from.
Valeri Galtsev
2016-Apr-28 14:20 UTC
[CentOS] Centos hold me back from work - sshd ...bull
On Thu, April 28, 2016 8:56 am, mdubendris at gmail.com wrote:
> The problem is not with your installation of CentOS, it is with the
> computer you are connecting from. Read the error log you pasted earlier,
> it tells you exactly what the problem is and how to remedy it:
>
>> Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this
>> message.
>> Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
>
> Open up the file /Users/andy/.ssh/known_hosts and delete line 22.

(sorry if I repeat what someone already said - it is already long thread, and I'm reading my mail from latest messages to oldest...)

Usually host key (of remote machine) could change for the following reasons:

1. benign reasons: remote machine system was reinstalled and/or ssh server keys were re-generated, or some machine was retired and different machine re-used its IP, or for some other reason, like changes in DNS, you are connecting to _different_ system that has same IP as the one you were connecting to in the past

In this case it is indeed safe to delete old known keys resembling this host (there may be more than one), then ssh to it and accept new key

2. Bad reasons: remote machine is hijacked and host keys have changed. Or, as ssh error message says, it may be "man in the middle" attack. If some intermediate malicious machine is able to intercept your traffic, it can make encrypted ssh tunnel between source machine and itself, and between itself and destination machine, having all traffic in clear text on itself. The only thing that stops this "man in the middle" is you, as you are verifying the host key, and "man in the middle" can not use as host key the key of remote machine (he would need both secret and public key of the pair for that). This is how ssh is designed to ensure you are talking to the machine you think you are talking to.

If this is the case, you shouldn't continue, instead right thing to do is to first make sure that indeed the key of remote machine was changed by its admin. Calling remote machine's sysadmin would be right thing to do.

I hope this helps.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
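Added example, not part of the message above or of anyone's post in this thread: a sketch of the check described there, where the stale known_hosts entry is replaced only if the key the server now offers matches a fingerprint confirmed out of band by its admin. It assumes plain (unhashed) known_hosts entries; the host names, the key blobs and the helper names (fingerprint, replace_host_key) are constructed for illustration.

```python
import base64
import hashlib
import struct

HOST = "centos7.example.test"  # hypothetical host name


def _blob(seed: bytes) -> str:
    """Constructed ecdsa-sha2-nistp256 wire-format blob (not a real key)."""
    point = b"\x04" + hashlib.sha512(seed).digest()  # 65 filler bytes
    parts = (b"ecdsa-sha2-nistp256", b"nistp256", point)
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(raw).decode()


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def replace_host_key(lines, host, offered, confirmed_fp):
    """Swap in the offered key only if it matches the confirmed fingerprint.

    lines: known_hosts lines; offered: "host keytype base64" as presented by
    the server; confirmed_fp: fingerprint obtained out of band from the admin.
    """
    keytype, key_b64 = offered.split()[1:3]
    if fingerprint(key_b64) != confirmed_fp:
        raise ValueError("offered host key is not the confirmed one; stop")
    kept = []
    for line in lines:
        f = line.split()
        # Drop only the stale entry: same host, same key type.
        if len(f) >= 3 and host in f[0].split(",") and f[1] == keytype:
            continue
        kept.append(line)
    return kept + [offered]


# Constructed sample data.
OLD = f"{HOST} ecdsa-sha2-nistp256 {_blob(b'previous install')}"
NEW = f"{HOST} ecdsa-sha2-nistp256 {_blob(b'fresh install')}"
ROGUE = f"{HOST} ecdsa-sha2-nistp256 {_blob(b'interceptor')}"
OTHER = f"other.example.test ecdsa-sha2-nistp256 {_blob(b'other host')}"
CONFIRMED = fingerprint(NEW.split()[2])  # value read out by the sysadmin

if __name__ == "__main__":
    print(replace_host_key([OTHER, OLD], HOST, NEW, CONFIRMED))
```

With ROGUE as the offered line the function raises instead of touching the file contents, which is the "don't continue" case from the message.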
Andreas Benzler
2016-Apr-28 14:25 UTC
[CentOS] Centos hold me back from work - sshd ...bull
I know how to do it. I'll try it out tomorrow. But it's the first time with this kind of problem with a freshly installed CentOS 7.

Thanks Valeri.
m.roth at 5-cent.us
2016-Apr-28 14:25 UTC
[CentOS] Centos hold me back from work - sshd ...bull
Valeri Galtsev wrote:
> On Thu, April 28, 2016 8:56 am, mdubendris at gmail.com wrote:
>> The problem is not with your installation of CentOS, it is with the
>> computer you are connecting from. Read the error log you pasted earlier,
>> it tells you exactly what the problem is and how to remedy it:
>>>
>>> Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this
>>> message. Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
>>
>> Open up the file /Users/andy/.ssh/known_hosts and delete line 22.
<snip>
> Usually host key (of remote machine) could change for the following
> reasons:
>
> 1. benign reasons: remote machine system was reinstalled and/or ssh server
> keys were re-generated, or some machine was retired and different machine
> re-used its IP, or for some other reason, like changes in DNS, you are
> connecting to _different_ system that has same IP as the one you were
> connecting to in the past
>
> In this case it is indeed safe to delete old known keys resembling this
> host (there may be more than one), then ssh to it and accept new key
>
> 2. Bad reasons: remote machine is hijacked and host keys have changed. Or,
> as ssh error message says, it may be "man in the middle" attack. If some
> intermediate malicious machine is able to intercept your traffic, it can
<snip>

Just as a side note, here: when we rebuild a machine - say, when we were doing CentOS 5 to 6, or when we build a new machine for someone, 6->7, we *remove /etc/ssh/ssh_host*, and rsync in the *old* /etc/ssh/ssh_host* from backup. Not doing this does have a tendency to freak out the users....

mark