Re: F-Secure client with OpenSSH server

From: Richard E. Silverman (slade@shore.net)
Date: 12/31/01


    From: slade@shore.net (Richard E. Silverman)
    Date: 30 Dec 2001 23:39:00 -0500
    
    

    > I would like to join this discussion, as I have been attempting to
    > connect my MacOSX box to my he.net account.

    The problem you're having is different than the one we've discussed in
    this thread. Your difficulty is with server authentication, whereas we
    were discussing user authentication.

    > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    > @ WARNING: HOST IDENTIFICATION HAS CHANGED! @
    > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    > Someone could be eavesdropping on you right now (man-in-the-middle
    > attack)!
    > It is also possible that the host key has just been changed.
    > Please contact your system administrator.
    > Add correct host key to
    > "/home/sevenup/.ssh2/hostkeys/key_xxx_xxx.xxx.xxx.xxx.pub"

    This indicates that you already have a hostkey for your OSX box on the
    client host, and it is incorrect; you need to replace it (in the file
    indicated) with the current one. Use the OpenSSH ssh-keygen to convert
    your OSX box's public hostkey and use that. If you have multiple
    hostkeys, you need to select the one that SSH2 normally uses;
    unfortunately, the ssh.com software does not allow for multiple keys in
    its known-hosts list.

    > The authenticity of host 'pluto.he.net (xxx.xxx.xxx.xxx)' can't be
    > established.
    > DSA key fingerprint is
    > c6:f1:fb:b6:88:67:a2:b8:a5:a7:a4:29:ef:xx:xx:xx.
    > Are you sure you want to continue connecting (yes/no)? no
    > Aborted by user!

    This simply means that you have no hostkey entry at all on your OSX box
    for the he.net server -- get its public hostkeys and place entries for
    them in your personal or global known-hosts lists (~/.ssh/known_hosts or
    /etc/ssh_known_hosts).

    -- 
      Richard Silverman
      slade@shore.net
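The reply above depends on two operations: checking a host key's fingerprint before trusting it, and converting an OpenSSH public key into the SSH2 public key file format. The Python sketch below is an added example, not part of the original post. It shows what each step does to the key bytes, using a constructed placeholder key and a hypothetical host name `host.example`.

```python
import base64
import hashlib
import struct

def build_blob(*fields: bytes) -> bytes:
    """SSH wire encoding: each field is a 4-byte big-endian length plus data."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

# Constructed sample: DSA-shaped blob with placeholder numbers, not a usable key.
SAMPLE_BLOB = build_blob(b"ssh-dss", b"\x11" * 128, b"\x22" * 20,
                         b"\x33" * 128, b"\x44" * 128)
SAMPLE_LINE = "ssh-dss %s constructed-host-key" % base64.b64encode(SAMPLE_BLOB).decode()

def parse_openssh_line(line: str):
    """Split 'type base64 [comment]' and check the blob names the same type."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected: <type> <base64> [comment]")
    key_type, comment = parts[0], (parts[2].strip() if len(parts) > 2 else "")
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type in blob does not match the line prefix")
    return key_type, blob, comment

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 of the raw blob, the style shown in the prompt above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def to_ssh2_pubkey(blob: bytes, comment: str = "") -> str:
    """Wrap the same blob in the SSH2 (RFC 4716) public key file format."""
    b64 = base64.b64encode(blob).decode()
    lines = ["---- BEGIN SSH2 PUBLIC KEY ----"]
    if comment:
        lines.append('Comment: "%s"' % comment)
    lines += [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(lines + ["---- END SSH2 PUBLIC KEY ----"]) + "\n"

def from_ssh2_pubkey(text: str) -> bytes:
    """Recover the blob; header lines contain ':' and base64 never does."""
    body = [l for l in text.splitlines() if l and not l.startswith("----") and ":" not in l]
    return base64.b64decode("".join(body), validate=True)

def known_hosts_entry(host: str, key_type: str, blob: bytes) -> str:
    """One OpenSSH known_hosts line for the verified key."""
    return "%s %s %s" % (host, key_type, base64.b64encode(blob).decode())

if __name__ == "__main__":
    kt, blob, comment = parse_openssh_line(SAMPLE_LINE)
    print(md5_fingerprint(blob))  # compare with a fingerprint obtained out of band
    print(to_ssh2_pubkey(blob, comment), end="")
    print(known_hosts_entry("host.example", kt, blob))
```

Both formats carry the same key blob, so a fingerprint computed from either file is the same; compare it with one obtained from the server's administrator before installing the key.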