[Techtalk] weird network behavior

Maria Mckinley maria at shadlen.org
Sun Dec 12 21:46:30 UTC 2010 

I figured it out! Somehow the wrong key was in /etc/ssh/known_hosts for 
mimi. What I can't figure out is why I was still able to ssh to mimi 
from other hosts, since all of the machines had the same known_hosts 
file. Why would this have affected only communication from mimi? Weird.

By the way, what finally led me to the solution was getting rid of the 
known_host file in my .ssh file, and then sshing from mimi to mimi. 
Apparently, ssh couldn't do hostbased, because of the system known_hosts 
file, but didn't fail completely, because I had the correct key in my 
personal known_hosts file.

maria at mimi:~$ ssh -v mimi.shadlen.org
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to mimi.shadlen.org [127.0.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/maria/.ssh/identity type -1
debug1: identity file /home/maria/.ssh/id_rsa type -1
debug1: identity file /home/maria/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version 
OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5f:2a:6e:39:ad:56:1b:65:b7:d8:d9:f8:3b:11:28:27.
Please contact your system administrator.
Add correct host key in /home/maria/.ssh/known_hosts to get rid of this 
message.
Offending key in /etc/ssh/ssh_known_hosts:1
RSA host key for mimi.shadlen.org has changed and you have requested 
strict checking.
Host key verification failed.

thanks for everyone's help!

cheers,
maria

More information about the Techtalk mailing list