Bureaucrats, cc_docs_admin, cc_staff
2,879
edits
SSH security improvements: Difference between revisions
Jump to navigation
Jump to search
→Updating your client's known host list: advise ALWAYS CHECK THE FINGERPRINT
(simplified intro) |
(→Updating your client's known host list: advise ALWAYS CHECK THE FINGERPRINT) |
||
| Line 28: | Line 28: | ||
It is also possible that a host key has just been changed. | It is also possible that a host key has just been changed. | ||
The fingerprint for the ED25519 key sent by the remote host is | The fingerprint for the ED25519 key sent by the remote host is | ||
SHA256: | SHA256:mf1jJ3ndpXhpo0k38xVxjH8Kjtq3o1+ZtTVbeM0xeCk. | ||
Please contact your system administrator. | Please contact your system administrator. | ||
Add correct host key in /home/username/.ssh/known_hosts to get rid of this message. | Add correct host key in /home/username/.ssh/known_hosts to get rid of this message. | ||
| Line 41: | Line 41: | ||
You may also get a warning regarding "DNS spoofing", which is related to the same change. | You may also get a warning regarding "DNS spoofing", which is related to the same change. | ||
If you are using MobaXTerm, Putty, or WinSCP as your ssh (or scp) client under Windows, the warning will appear in a pop-up window and will allow you to accept the new host key by clicking "Yes". | If you are using MobaXTerm, Putty, or WinSCP as your ssh (or scp) client under Windows, the warning will appear in a pop-up window and will allow you to accept the new host key by clicking "Yes". '''Only click yes if the fingerprint matches one of the fingerprints listed below for that cluster.''' | ||
If you are using the command line ssh command on macOS, Linux, GitBash or Cygwin, you should tell your system to "forget" the old host keys, by running the following commands: | If you are using the command line ssh command on macOS, Linux, GitBash or Cygwin, you should tell your system to "forget" the old host keys, by running the following commands: | ||