Andreas Benzler
2016-Apr-28 09:09 UTC
[CentOS] Centos hold me back from work - sshd ...bull
ine-imac-andy:~ andy$ ssh 141.52.135.21
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:KIKE0V+Hm1UW4XtpTAVsl/7QWqJSVoQHfLnjj3vn/nM.
Please contact your system administrator.
Add correct host key in /Users/andy/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/andy/.ssh/known_hosts:22
RSA host key for 141.52.135.21 has changed and you have requested strict checking.
Host key verification failed.
ine-imac-andy:~ andy$ vi .ssh/
id_rsa id_rsa.pub known_hosts
ine-imac-andy:~ andy$ vi .ssh/known_hosts
ine-imac-andy:~ andy$ ssh -vvv andy@141.52.135.21
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 141.52.135.21 [141.52.135.21] port 22.
debug1: Connection established.
debug1: identity file /Users/andy/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
write: Broken pipe
ine-imac-andy:~ andy$ ssh -vvv andy@141.52.135.21
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 141.52.135.21 [141.52.135.21] port 22.
debug1: Connection established.
debug1: identity file /Users/andy/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/andy/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.8
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.8 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 141.52.135.21:22 as 'andy'
debug3: hostkeys_foreach: reading file "/Users/andy/.ssh/known_hosts"
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: kex: server->client aes128-ctr umac-64@openssh.com none
debug1: kex: client->server aes128-ctr umac-64@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:KIKE0V+Hm1UW4XtpTAVsl/7QWqJSVoQHfLnjj3vn/nM
debug3: hostkeys_foreach: reading file "/Users/andy/.ssh/known_hosts"
The authenticity of host '141.52.135.21 (141.52.135.21)' can't be established.
RSA key fingerprint is SHA256:KIKE0V+Hm1UW4XtpTAVsl/7QWqJSVoQHfLnjj3vn/nM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '141.52.135.21' (RSA) to the list of known hosts.
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
ssh_packet_read: Connection reset by peer

> On 28.04.2016 at 11:05, Earl A Ramirez <earlaramirez at gmail.com> wrote:
>
> On 28 Apr 2016 10:58, "Andreas Benzler" <andreas at benzlerweb.de> wrote:
>>
>> I don't know what's going on
>>
>> the sushi from the laptop always kick me out!!!
>>
>> Fresh installation.
>>
>> packet_write_wait: Connection
>>
>> How can that be!
>>
>> Andy
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>
> You will need to provide a little more information, what's the output when
> you use ssh -vvv user@host?

On 4/28/2016 2:09 AM, Andreas Benzler wrote:
> ine-imac-andy:~ andy$ ssh -vvv andy@141.52.135.21
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.8
> debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.8 pat OpenSSH_5* compat 0x0c000000

that's not CentOS.

are you sure you're connecting to the right address ?

--
john r pierce, recycling bits in santa cruz
Gordon Messmer
2016-Apr-28 16:25 UTC
[CentOS] Centos hold me back from work - sshd ...bull
On 04/28/2016 02:09 AM, Andreas Benzler wrote:
> ine-imac-andy:~ andy$ ssh -vvv andy@141.52.135.21
...
> debug1: Enabling compatibility mode for protocol 2.0
> write: Broken pipe
> ine-imac-andy:~ andy$ ssh -vvv andy@141.52.135.21
...
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> ssh_packet_read: Connection reset by peer

I see one possibility that explains both the key change and the connection resets:

You installed a new server and used an IP address that was already in use on another server. That's why you already had an SSH key for that address. The connection resets occur when the client you're using to connect updates its ARP table and swaps from the MAC address on the new host to the MAC address on the old host (or vice versa).
Valeri Galtsev
2016-Apr-28 16:49 UTC
[CentOS] Centos hold me back from work - sshd ...bull
On Thu, April 28, 2016 11:25 am, Gordon Messmer wrote:
> On 04/28/2016 02:09 AM, Andreas Benzler wrote:
>> ine-imac-andy:~ andy$ ssh -vvv andy@141.52.135.21
> ...
>> debug1: Enabling compatibility mode for protocol 2.0
>> write: Broken pipe
>> ine-imac-andy:~ andy$ ssh -vvv andy@141.52.135.21
> ...
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> ssh_packet_read: Connection reset by peer
>
>
> I see one possibility that explains both the key change and the
> connection resets:
>
> You installed a new server and used an IP address that was already in
> use on another server. That's why you already had an SSH key for that
> address. The connection resets occur when the client you're using to
> connect updates its ARP table and swaps from the MAC address on the new
> host to the MAC address on the old host (or vice versa).

Oh yes, and bizarre things may happen if you have two machines with the same static IP _simultaneously_ on the network. To check if that is the case (for a particular IP, say 192.168.2.7), from a machine with a different IP on the same subnet 192.168.2.x do

arping 192.168.2.7

you will get ARP responses from all machines, and if there is more than one, you will see responses coming from different MAC addresses.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
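
The duplicate-address check described in the message above, as an added example that is not part of the thread: it groups arping replies by IP and reports any IP answered by more than one MAC. The sample output is constructed and assumes the iputils arping reply format; the addresses and function names are illustrative.

```python
import re
from collections import defaultdict

# CONSTRUCTED sample (not from the thread), in the iputils arping reply format.
SAMPLE = """\
ARPING 192.168.2.7 from 192.168.2.20 eth0
Unicast reply from 192.168.2.7 [52:54:00:AA:BB:01]  0.712ms
Unicast reply from 192.168.2.7 [00:1C:42:CC:DD:02]  0.934ms
Unicast reply from 192.168.2.7 [52:54:00:aa:bb:01]  0.698ms
Sent 2 probes (1 broadcast(s))
Received 3 response(s)
"""

# "<...> reply from <ipv4> [<mac>]" with a colon-separated 6-octet MAC.
REPLY = re.compile(
    r"reply from (\d{1,3}(?:\.\d{1,3}){3}) "
    r"\[((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\]"
)


def macs_by_ip(arping_output):
    """Map each answering IP to the set of MACs that claimed it."""
    seen = defaultdict(set)
    for line in arping_output.splitlines():
        m = REPLY.search(line)
        if m:
            # Normalise case so one NIC is not counted twice.
            seen[m.group(1)].add(m.group(2).lower())
    return dict(seen)


def duplicate_ips(arping_output):
    """Return {ip: [mac, ...]} for IPs answered by more than one MAC."""
    return {
        ip: sorted(macs)
        for ip, macs in macs_by_ip(arping_output).items()
        if len(macs) > 1
    }


if __name__ == "__main__":
    for ip, macs in duplicate_ips(SAMPLE).items():
        print(f"{ip} is claimed by {len(macs)} hosts: {', '.join(macs)}")
```
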

On Apr 28, 2016, at 3:15 AM, John R Pierce <pierce at hogranch.com> wrote:
>
> On 4/28/2016 2:09 AM, Andreas Benzler wrote:
>> ine-imac-andy:~ andy$ ssh -vvv andy@141.52.135.21
>
>
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.8
>> debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.8 pat OpenSSH_5* compat 0x0c000000
>
>
> that's not CentOS.
>
> are you sure you're connecting to the right address ?

Many of the other answers are ignoring this detail by simply recommending that the OP remove the offending line from known_hosts and try again. That's an excellent way to get MITM'd!

When OpenSSH warns you that the remote host's key is different from the one it saw before, you *must not ignore it* unless you know exactly why it changed. Don't guess! Verify.

How? Log into the intended host over some trusted channel, then say:

    for f in /etc/ssh/ssh_host_*_key ; do ssh-keygen -lf $f ; done

If none of those values exactly matches

    SHA256:KIKE0V+Hm1UW4XtpTAVsl/7QWqJSVoQHfLnjj3vn/nM

then OpenSSH is right to prevent your login. It means you aren't connecting to the server you think you are. It might be a benign misconfiguration or it might be a MITM attempt. This is potentially a game-over scenario. Don't ignore it.

See also this article on the TOFU problem:

    https://en.wikipedia.org/wiki/Trust_on_first_use
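
How the SHA256:... value in the warning is derived, and how to compare it against public keys collected over a trusted channel, as an added example that is not part of the thread. The key lines are constructed, non-functional samples, and the function names are illustrative.

```python
import base64
import hashlib
import struct
from typing import Iterable, Optional


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def sample_pub_line(key_type: str, material: bytes) -> str:
    """Build a CONSTRUCTED (non-functional) public key line for the demo."""
    blob = ssh_string(key_type.encode()) + ssh_string(material)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"


def fingerprint(pub_line: str) -> str:
    """SHA256 fingerprint of a '<type> <base64-blob> [comment]' line."""
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with its own algorithm name; reject mislabeled lines.
    if not blob.startswith(ssh_string(key_type.encode())):
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the unpadded base64 of the raw digest.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def match_presented(presented: str,
                    trusted_pub_lines: Iterable[str]) -> Optional[str]:
    """Return the trusted key type whose fingerprint equals `presented`."""
    wanted = presented.strip().rstrip(".")  # tolerate a pasted trailing period
    for line in trusted_pub_lines:
        if fingerprint(line) == wanted:
            return line.split()[0]
    return None  # no match: do not accept the new host key


if __name__ == "__main__":
    server = sample_pub_line("ssh-rsa", b"\x01" * 64)  # read over a trusted channel
    other = sample_pub_line("ssh-rsa", b"\x02" * 64)   # key some other host presents
    print(match_presented(fingerprint(server) + ".", [server]))  # ssh-rsa
    print(match_presented(fingerprint(other), [server]))         # None
```

OpenSSH releases before 6.8 print MD5 fingerprints from ssh-keygen -l by default, so on an older server the SHA256 value has to be computed from the .pub file contents as above, or with a newer ssh-keygen.
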