ssh: keying a fresh sshd

From: Carl Karsten <carl_at_**********.***>
Date: Wed Oct 11 2006 - 15:32:41 EDT

I have an automated Ubuntu install that I run on a test box every few days. it
also installs openssh-server (sshd) and that creates new keys, which conflict
with the keys stored on my client machines. I keep editing my client files to
get around this, but that is getting old. What would be a recommended way to
deal with this? I also wouldn't mind dropping a private key on it. I have 0.0
concern for security of that box - it is only on about 1/4 the time, and I am
the only one with any sort of access to it. But I do have visitors to my lan,
and in general like to practice safe computing, and figure if I am going to put
any effort into this I should learn something useful. below is the error I get
when I try to connect an "old" client to a "new" install.

Carl K

carl@amd15:~$ ssh yate2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for yate2 has changed,
and the key for the according IP address 192.168.1.18
has a different value. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/carl/.ssh/known_hosts:27
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
4b:9a:7d:6b:a5:bd:1f:7f:30:a5:b6:10:d7:7a:f6:29.
Please contact your system administrator.
Add correct host key in /home/carl/.ssh/known_hosts to get rid of this message.
Offending key in /home/carl/.ssh/known_hosts:29
RSA host key for yate2 has changed and you have requested strict checking.
Host key verification failed.

--
List Info:      http://erdelynet.com/ssh-l/
List Archives:  http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com

Received on Wed Oct 11 15:34:44 2006

This archive was generated by hypermail 2.1.8 : Wed Oct 11 2006 - 15:34:45 EDT