[vox-tech] How do I make SSH connect anyway if a host's IP has changed?

vox-tech@lists.lugod.org
9 Jan 2002 08:08:34 -0800


I don't think that the IP address is the problem.  If the HOST key on the system you are connecting to changes, then you will get that message.  From your earlier post, it sounds like you really are connecting to a different machine.  Either they need to replicate the same host key to each system (leading to what complications I don't know), OR they actually may have been hacked and you are the recipient of the man-in-the-middle attack (unlikely, but remotely possible as the error says).

-sp

On Tue, 08 January 2002, Ken Bloom wrote:

> 
> On second thought, I think that I'm getting the same IP each time, but different host keys
> each time, considering my errors, and considering that I have 'CheckHostIP no' set. Error is 
> included:
> 
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the DSA host key has just been changed.
> The fingerprint for the DSA key sent by the remote host is
> 97:fd:25:4a:1f:c3:b4:80:9e:e7:b1:7b:0b:d6:e3:ae.
> Please contact your system administrator.
> Add correct host key in /home/bloom/.ssh/known_hosts to get rid of this message.
> Offending key in /home/bloom/.ssh/known_hosts:4
> Password authentication is disabled to avoid man-in-the-middle attacks.
> Permission denied (publickey,password).
> 
> 
> There was much rejoicing when Ken Bloom <kabloom@ucdavis.edu> spoke thus:
> > The Electrical and Computer Engineering department has set up a system where, by connecting to 
> > the address snake.ece.ucdavis.edu, the department hands off connections to the least busy HP 
> > computer in their lab.  I was trying today to use ssh to connect to these HP computers by 
> > SSH. The first try (and some random tries after that), SSH would connect OK. Most other 
> > times, however, the remote computer would fail the test because I was being handed off to a 
> > different HP system.
> > 
> > I am currently trying to connect using a shell script I created named snake:
> > 
> > #! /bin/bash
> > cat > ~/.sshconfig << ENDOFCONFIG
> > StrictHostKeyChecking no
> > CheckHostIP no
> > ENDOFCONFIG
> > ssh -F ~/.sshconfig kabloom@snake.ece.ucdavis.edu
> > 
> > (neither of these configuration options seems to be doing the trick, even after I deleted the 
> > offending key from ~/.ssh/known_hosts)
> > 
> > Is there any way to make SSH ignore the tests that it uses to verify host authenticity when
> > I connect to snake.ece.ucdavis.edu? 
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
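
Added example, not part of the original thread: besides replicating one host key across the pool, the client can pin every pool machine's key under the shared name, because known_hosts may hold several keys for one name and any match is accepted. The sketch below mirrors that decision over a constructed known_hosts file; the function name check_hostkey, the example.org host names and the key blobs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reproduces the match / changed / unknown decision over plain
# (unhashed) known_hosts lines. Hashed "|1|" entries, "@" marker lines and
# wildcard patterns are skipped to keep the sketch short.

# check_hostkey FILE HOST KEYTYPE KEYBLOB  ->  prints ok | changed | unknown
check_hostkey() {
    awk -v host="$2" -v ktype="$3" -v blob="$4" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        $1 ~ /^[@|]/   { next }              # marker lines and hashed hosts
        {
            n = split($1, names, ",")        # first field: comma-separated names
            for (i = 1; i <= n; i++) {
                if (names[i] != host) continue
                if ($2 != ktype) continue    # another key type is not a mismatch
                seen = 1
                if ($3 == blob) matched = 1  # any one pinned key is enough
            }
        }
        END { print matched ? "ok" : (seen ? "changed" : "unknown") }
    ' "$1"
}

# Constructed sample: one pool name fronting two machines, each with its own
# host key. The key blobs are placeholders, not real keys.
KH=$(mktemp)
trap 'rm -f "$KH"' EXIT
cat > "$KH" << 'EOF'
# pool.example.org hands connections off to lab1 or lab2
pool.example.org,lab1.example.org ssh-dss AAAAB3CONSTRUCTEDKEYLAB1
pool.example.org,lab2.example.org ssh-dss AAAAB3CONSTRUCTEDKEYLAB2
EOF

# Either pinned machine is accepted; a key that was never pinned is flagged.
for key in AAAAB3CONSTRUCTEDKEYLAB1 AAAAB3CONSTRUCTEDKEYLAB2 AAAAB3CONSTRUCTEDKEYOTHER; do
    printf '%s -> %s\n' "$key" "$(check_hostkey "$KH" pool.example.org ssh-dss "$key")"
done
```

With both keys pinned, host key checking can stay enabled: a hand-off to either known machine passes, while an unpinned key still produces the warning.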