We tend to reuse hosts names on our cloud, so I have a little script that contains the following lines to bypass strict host checking. ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $@ Yes it's terrible, but I'm very lazy. On Mon, Dec 3, 2012 at 1:47 PM, Lisa Kachold wrote: > What are tbe permissions on your .ssh directory¿ > On 3 Dec 2012 13:44, "Lisa Kachold" wrote: > >> Larry. >> >> The key and location are specified in the /etc/ssh/sshd_config file. But >> that will no >> Doubt just give the same error. >> >> Are the machines specified in /etc/hosts hosts.deny and hosts.allow? >> On 2 Dec 2012 22:18, "Dazed_75" wrote: >> >>> >>> >>> On Sat, Dec 1, 2012 at 5:59 PM, Lisa Kachold wrote: >>> >>>> Hi Larry, >>>> >>>> >>>> On Fri, Nov 30, 2012 at 8:56 PM, Dazed_75 wrote: >>>> >>>>> >>>>> >>>>> On Fri, Nov 30, 2012 at 5:29 PM, der.hans wrote: >>>>> >>>>>> Am 30. Nov, 2012 schwätzte Dazed_75 so: >>>>>> >>>>>> moin moin, >>>>>> >>>>>> >>>>>> Interesting. I deleted entry 8 and then ssh'd to lapdog0 with no >>>>>>> complaint. Logged out, rebooted that machine to Mint and then ssh'd >>>>>>> into >>>>>>> lapdog1 and that complained about then new entry 23 for lapdog0. >>>>>>> >>>>>> >>>>>> Yeah, line 8 was probably your old entry for lapdog2. >>>>> >>>>> >>>>> Yes, I said so in the first post. >>>>> >>>>>> >>>>>> >>>>>> It appears that ssh will make an entry in known_hosts for each IP and >>>>>>> something (host name, kernel, tennis ball) combination, but only >>>>>>> complains >>>>>>> about the 1st mis-match it finds. Whatever the "something" is is >>>>>>> not clear >>>>>>> as I got no complaint after deleting entry 8 (from the lapdog2 days) >>>>>>> and >>>>>>> sshing in to lapdog0. Puzzling. >>>>>>> >>>>>> >>>>>> It tracks hostname and IP combinations and warns you if the IP has >>>>>> another >>>>>> entry. Presuming both lapdog0 and lapdog1 are properly in known_hosts >>>>>> I'd >>>>>> think the warning would go away. >>>>>> >>>>> >>>>> no, it does not. I did describe the circumstances though I tend to >>>>> use more words than many folks do. As I said, since both lapdog0 and >>>>> lapdog1 are the same machine (with the same mac address) just booted into >>>>> different OSes they both get the same IP from DHCP. That seems to land >>>>> two entries for the same IP in known_hosts and that seems to make ssh >>>>> complain. >>>>> >>>>>> >>>>>> Does ssh -v explain it? >>>>>> >>>>> >>>>> I did not think to try that and it is too late as I am re-installing >>>>> that machine to test out a couple of things. >>>>> >>>>> Thanks for the feedback guys! >>>>> >>>>>> >>>>>> ciao, >>>>>> >>>>>> der.hans >>>>>> -- >>>>>> >>>>> >>>> Sorry this is so late. >>>> >>>> But you can do any of the following: >>>> >>>> a) Clone the connection for both machines: >>>> >>> >>> As I said in the first post, lapdog0 and lapdog1 are the same machine >>> just using different hostnames depending on which Linux is running. >>> Therefore, they "both" have the same mac address by definition. >>> >>> I did think of copying the public and private parts of the key from one >>> to the other but don't know enough to know if that might cause another >>> problem. >>> >>> BTW, I re-installed (to be totally sure of the starting point) them >>> again with both being named lapdog2 and it made no difference. >>> >>>> >>>> 1) Use the same key for both machines. >>>> >>>> ssh-keygen then copy that key to your second machine. >>>> >>>> 2) set your MAC address as the same number in your network device >>>> configuration. >>>> >>>> >>>> B) Disable Strict Error Checking >>>> >>>> Turn off strict error checking in /etc/ssh/sshd_config on both >>>> machines. >>>> >>> >>> The error is showing as being due to strict error checking. But I would >>> hesitate to turn it off other than temporarily not to mention that I don't >>> know how. Finding out would be easy, it's just not a priority. >>> >>>> >>>> While this can be a ssh security risk and therefore not indicated on >>>> most networks for which you are maintaining this solution, but if you have >>>> buttoned down your network and actually read your logs, it should be safe, >>>> alternately you can also seru==dd >>>> >>>> http://en.wikipedia.org/wiki/Port_knocking >>>> >>>>> >>>>> -- >>>>> Dazed_75 a.k.a. Larry >>>>> >>>>> Please protect my address like I protect yours. When sending messages >>>>> to multiple recipients, use the BCC: (Blind carbon copy). Remove addresses >>>>> from a forwarded message body before clicking Send. >>>>> >>>>> >>>>> --------------------------------------------------- >>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>>>> To subscribe, unsubscribe, or to change your mail settings: >>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> >>>> (503) 754-4452 Android >>>> (623) 239-3392 Skype >>>> (623) 688-3392 Google Voice >>>> ** >>>> it-clowns.com >>>> Chief Clown >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> --------------------------------------------------- >>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>>> To subscribe, unsubscribe, or to change your mail settings: >>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>>> >>> >>> >>> >>> -- >>> Dazed_75 a.k.a. Larry >>> >>> Please protect my address like I protect yours. When sending messages to >>> multiple recipients, use the BCC: (Blind carbon copy). Remove addresses >>> from a forwarded message body before clicking Send. >>> >>> >>> --------------------------------------------------- >>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>> To subscribe, unsubscribe, or to change your mail settings: >>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >>> >> > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- James McPhee jmcphe@gmail.com