host.key

host.key

earcam

Hello,

When trying to SSH into a fresh copy of a custom distro I keep getting the error message that the DSA key for that host has changed.

The host.key files from our custom distro are marked read-only and checking timestamps before and after, also a diff shows no difference. So what am I doing wrong/missing that is causing the SSHd to send out a different key?

Our custom distro builds for different servers with each having separate properties and a host.key file, but other than that it just contains a blueprint ldap jaas module, jce provider (bouncy castle), branding, altered mvn repo urls and features.


thanks,
Caspar

Re: host.key

jbonofre
Hi Caspar,

What's the message exactly?

If you have a warning on the DSA key, it could be caused by a change on
the listening IP address, etc.

Thanks,
Regards
JB

On 12/02/2011 04:59 PM, Caspar MacRae wrote:

>
> Hello,
>
> When trying to SSH into a fresh copy of a custom distro I keep getting
> the error message that the DSA key for that host has changed.
>
> The host.key files from our custom distro are marked read-only and
> checking timestamps before and after, also a diff shows no difference.
> So what am I doing wrong/missing that is causing the SSHd to send out a
> different key?
>
> Our custom distro builds for different servers with each having separate
> properties and a host.key file, but other than that it just contains a
> blueprint ldap jaas module, jce provider (bouncy castle), branding,
> altered mvn repo urls and features.
>
>
> thanks,
> Caspar

--
Jean-Baptiste Onofré
[hidden email]
http://blog.nanthrax.net
Talend - http://www.talend.com

Re: host.key

earcam
Hi JB,

I was doing something stupid; in the assembly.xml I had <lineEnding>unix</lineEnding> which was mangling the host.key file. Initially this was causing a new key to be generated only on first run, but I later compounded the problem by setting it read-only <fileMode>0444</fileMode> which helped identify the problem as I then got the warning message with every reboot and attempted login (as the new key was being generated on each run).

(The message is the normal warning when a host key changes, the same thing I get when a server is reinstalled: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! ... IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! possible man-in-the-middle attack ...)


Best regards,
Caspar




On 2 December 2011 16:21, Jean-Baptiste Onofré <[hidden email]> wrote:
> Hi Caspar,
>
> What's the message exactly?
>
> If you have a warning on the DSA key, it could be caused by a change on the listening IP address, etc.
>
> Thanks,
> Regards
> JB
>
> On 12/02/2011 04:59 PM, Caspar MacRae wrote:
>
> > Hello,
> >
> > When trying to SSH into a fresh copy of a custom distro I keep getting
> > the error message that the DSA key for that host has changed.
> >
> > The host.key files from our custom distro are marked read-only and
> > checking timestamps before and after, also a diff shows no difference.
> > So what am I doing wrong/missing that is causing the SSHd to send out a
> > different key?
> >
> > Our custom distro builds for different servers with each having separate
> > properties and a host.key file, but other than that it just contains a
> > blueprint ldap jaas module, jce provider (bouncy castle), branding,
> > altered mvn repo urls and features.
> >
> > thanks,
> > Caspar
>
> --
> Jean-Baptiste Onofré
> [hidden email]
> http://blog.nanthrax.net
> Talend - http://www.talend.com
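
A build-time check for the failure described in the last message, as an added example that is not part of the original thread: it compares the packaged host.key byte-for-byte (via SHA-256) with the source file, so a line-ending filter that rewrites a binary key is caught before deployment. The archive path `etc/host.key`, the sample key bytes and the `unix_line_endings` approximation of the filter are assumptions made for the demonstration.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for a binary host key file; it deliberately contains
# CR and CRLF bytes, as arbitrary binary key material can.
SAMPLE_KEY = b"\x00\x01key\r\nmaterial\r\x7f" + bytes(range(256))
KEY_PATH = "etc/host.key"  # assumed location inside the distribution archive


def unix_line_endings(data: bytes) -> bytes:
    """Approximate a text-mode 'unix' line-ending filter: CRLF and lone CR become LF."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


def build_zip(entries: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}, standing in for the assembled distro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def altered_entries(archive: bytes, sources: dict) -> list:
    """Return names whose packaged bytes are missing or differ from the source bytes."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        packaged = set(zf.namelist())
        for name, original in sorted(sources.items()):
            if name not in packaged:
                bad.append(name)
            elif hashlib.sha256(zf.read(name)).digest() != hashlib.sha256(original).digest():
                bad.append(name)
    return bad


if __name__ == "__main__":
    good = build_zip({KEY_PATH: SAMPLE_KEY})
    mangled = build_zip({KEY_PATH: unix_line_endings(SAMPLE_KEY)})
    print("byte-for-byte copy:", altered_entries(good, {KEY_PATH: SAMPLE_KEY}))
    print("after line-ending filter:", altered_entries(mangled, {KEY_PATH: SAMPLE_KEY}))
```

Run against the real assembly output, a non-empty result for the key file means the server will not be presenting the key that was shipped, which is what produces the host-identification warning on the client.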