On Apr 28, 2016, at 3:15 AM, John R Pierce <pie...@hogranch.com> wrote:
> 
> On 4/28/2016 2:09 AM, Andreas Benzler wrote:
>> ine-imac-andy:~ andy$ ssh -vvv andy@141.52.135.21
> 
> 
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 
>> Debian-5ubuntu1.8
>> debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.8 pat OpenSSH_5* compat 
>> 0x0c000000
> 
> 
> thats not CentOS.
> 
> are you sure you're connecting to the right address ?

Many of the other answers are ignoring this detail by simply recommending that 
the OP remove the offending line from known_hosts and try again.  That’s an 
excellent way to get MITM’d!

When OpenSSH warns you that the remote host’s key is different from the one it 
saw before, you *must not ignore it* unless you know exactly why it changed.

Don’t guess!  Verify.

How?

Log into the intended host over some trusted channel, then say:

   for f in /etc/ssh/ssh_host_*_key ; do ssh-keygen -lf "$f" ; done

If none of those values exactly matches

   SHA256:KIKE0V+Hm1UW4XtpTAVsl/7QWqJSVoQHfLnjj3vn/nM

then OpenSSH is right to prevent your login.  It means you aren’t connecting to 
the server you think you are.  It might be a benign misconfiguration or it 
might be a MITM attempt.

This is potentially a game-over scenario.  Don’t ignore it.

See also this article on the TOFU problem:

 https://en.wikipedia.org/wiki/Trust_on_first_use
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
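The comparison the post asks for, as an added example that is not part of the original thread: it derives OpenSSH's SHA256 fingerprint from a public-key line and looks for an exact match between the fingerprint in the client-side warning and the `ssh-keygen -lf` output gathered over the trusted channel. The ed25519 key, the key comments and the bit counts are constructed placeholders, not anything from the real server.

```python
import base64
import hashlib
import re

# Added example (not from the original thread).  The ed25519 key below is a
# constructed placeholder, not any real server's key.
# Fingerprint quoted in the post, as shown in the client-side ssh warning.
WARNED_FINGERPRINT = "SHA256:KIKE0V+Hm1UW4XtpTAVsl/7QWqJSVoQHfLnjj3vn/nM"

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string': uint32 big-endian length + data."""
    return len(data).to_bytes(4, "big") + data

def sha256_fingerprint(pubkey_line: str) -> str:
    """OpenSSH SHA256 fingerprint of a one-line public key (.pub format).

    OpenSSH SHA-256-hashes the raw key blob (the base64 field of the line)
    and prints the digest as unpadded base64 behind the 'SHA256:' prefix.
    """
    _, b64_blob = pubkey_line.split()[:2]
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# One line of `ssh-keygen -lf` output: "<bits> <fingerprint> <comment> (<TYPE>)"
KEYGEN_LINE = re.compile(r"^\d+\s+(SHA256:[A-Za-z0-9+/]+)\s+.*\((\w+)\)$")

def matching_host_keys(keygen_output: str, warned: str) -> list[str]:
    """Key types whose fingerprint equals the warned one exactly.

    An empty list means none of the server's keys produced the warned
    fingerprint, i.e. the client did not talk to this server.
    """
    hits = []
    for line in keygen_output.splitlines():
        m = KEYGEN_LINE.match(line.strip())
        if m and m.group(1) == warned:
            hits.append(m.group(2))
    return hits

# Constructed sample host key (32 placeholder bytes) and its .pub line.
FAKE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
FAKE_PUB_LINE = "ssh-ed25519 " + base64.b64encode(FAKE_BLOB).decode() + " root@host"

# Constructed `ssh-keygen -lf` output: the RSA line carries the warned
# fingerprint, the ed25519 line carries the fingerprint of the fake key.
SAMPLE_KEYGEN_OUTPUT = (
    f"3072 {WARNED_FINGERPRINT} root@host (RSA)\n"
    f"256 {sha256_fingerprint(FAKE_PUB_LINE)} root@host (ED25519)\n"
)
```

Only an exact, full-string match counts; a fingerprint that merely looks similar is no match, and an empty result is the case the post describes as game over.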