We tend to reuse hosts names on our cloud, so I have a little script that
contains the following lines to bypass strict host checking.
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $@
Yes it's terrible, but I'm very lazy.
On Mon, Dec 3, 2012 at 1:47 PM, Lisa Kachold <
lisakachold@obnosis.com>wrote:
> What are tbe permissions on your .ssh directory¿
> On 3 Dec 2012 13:44, "Lisa Kachold" <lisakachold@obnosis.com> wrote:
>
>> Larry.
>>
>> The key and location are specified in the /etc/ssh/sshd_config file. But
>> that will no
>> Doubt just give the same error.
>>
>> Are the machines specified in /etc/hosts hosts.deny and hosts.allow?
>> On 2 Dec 2012 22:18, "Dazed_75" <lthielster@gmail.com> wrote:
>>
>>>
>>>
>>> On Sat, Dec 1, 2012 at 5:59 PM, Lisa Kachold <lisakachold@obnosis.com>wrote:
>>>
>>>> Hi Larry,
>>>>
>>>>
>>>> On Fri, Nov 30, 2012 at 8:56 PM, Dazed_75 <lthielster@gmail.com> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Fri, Nov 30, 2012 at 5:29 PM, der.hans <PLUGd@lufthans.com> wrote:
>>>>>
>>>>>> Am 30. Nov, 2012 schwätzte Dazed_75 so:
>>>>>>
>>>>>> moin moin,
>>>>>>
>>>>>>
>>>>>> Interesting. I deleted entry 8 and then ssh'd to lapdog0 with no
>>>>>>> complaint. Logged out, rebooted that machine to Mint and then ssh'd
>>>>>>> into
>>>>>>> lapdog1 and that complained about then new entry 23 for lapdog0.
>>>>>>>
>>>>>>
>>>>>> Yeah, line 8 was probably your old entry for lapdog2.
>>>>>
>>>>>
>>>>> Yes, I said so in the first post.
>>>>>
>>>>>>
>>>>>>
>>>>>> It appears that ssh will make an entry in known_hosts for each IP and
>>>>>>> something (host name, kernel, tennis ball) combination, but only
>>>>>>> complains
>>>>>>> about the 1st mis-match it finds. Whatever the "something" is is
>>>>>>> not clear
>>>>>>> as I got no complaint after deleting entry 8 (from the lapdog2 days)
>>>>>>> and
>>>>>>> sshing in to lapdog0. Puzzling.
>>>>>>>
>>>>>>
>>>>>> It tracks hostname and IP combinations and warns you if the IP has
>>>>>> another
>>>>>> entry. Presuming both lapdog0 and lapdog1 are properly in known_hosts
>>>>>> I'd
>>>>>> think the warning would go away.
>>>>>>
>>>>>
>>>>> no, it does not. I did describe the circumstances though I tend to
>>>>> use more words than many folks do. As I said, since both lapdog0 and
>>>>> lapdog1 are the same machine (with the same mac address) just booted into
>>>>> different OSes they both get the same IP from DHCP. That seems to land
>>>>> two entries for the same IP in known_hosts and that seems to make ssh
>>>>> complain.
>>>>>
>>>>>>
>>>>>> Does ssh -v explain it?
>>>>>>
>>>>>
>>>>> I did not think to try that and it is too late as I am re-installing
>>>>> that machine to test out a couple of things.
>>>>>
>>>>> Thanks for the feedback guys!
>>>>>
>>>>>>
>>>>>> ciao,
>>>>>>
>>>>>> der.hans
>>>>>> --
>>>>>>
>>>>>
>>>> Sorry this is so late.
>>>>
>>>> But you can do any of the following:
>>>>
>>>> a) Clone the connection for both machines:
>>>>
>>>
>>> As I said in the first post, lapdog0 and lapdog1 are the same machine
>>> just using different hostnames depending on which Linux is running.
>>> Therefore, they "both" have the same mac address by definition.
>>>
>>> I did think of copying the public and private parts of the key from one
>>> to the other but don't know enough to know if that might cause another
>>> problem.
>>>
>>> BTW, I re-installed (to be totally sure of the starting point) them
>>> again with both being named lapdog2 and it made no difference.
>>>
>>>>
>>>> 1) Use the same key for both machines.
>>>>
>>>> ssh-keygen then copy that key to your second machine.
>>>>
>>>> 2) set your MAC address as the same number in your network device
>>>> configuration.
>>>>
>>>>
>>>> B) Disable Strict Error Checking
>>>>
>>>> Turn off strict error checking in /etc/ssh/sshd_config on both
>>>> machines.
>>>>
>>>
>>> The error is showing as being due to strict error checking. But I would
>>> hesitate to turn it off other than temporarily not to mention that I don't
>>> know how. Finding out would be easy, it's just not a priority.
>>>
>>>>
>>>> While this can be a ssh security risk and therefore not indicated on
>>>> most networks for which you are maintaining this solution, but if you have
>>>> buttoned down your network and actually read your logs, it should be safe,
>>>> alternately you can also seru==dd
>>>>
>>>> http://en.wikipedia.org/wiki/Port_knocking
>>>>
>>>>>
>>>>> --
>>>>> Dazed_75 a.k.a. Larry
>>>>>
>>>>> Please protect my address like I protect yours. When sending messages
>>>>> to multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
>>>>> from a forwarded message body before clicking Send.
>>>>>
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>> (503) 754-4452 Android
>>>> (623) 239-3392 Skype
>>>> (623) 688-3392 Google Voice
>>>> **
>>>> it-clowns.com
>>>> Chief Clown
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>>
>>>
>>> --
>>> Dazed_75 a.k.a. Larry
>>>
>>> Please protect my address like I protect yours. When sending messages to
>>> multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
>>> from a forwarded message body before clicking Send.
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
--
James McPhee
jmcphe@gmail.com
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss