Keysize mismatch error on host key
Tim G. Farrell
tfarrell at futuristics.net
Sat Mar 18 11:06:27 EST 2000
I've got a problem that I'm hoping the list can help with, otherwise ...
Heres the problem, I've got OpenSSH 1.2.2p1 running on my Intel Linux
box as the secure server. I can connect from another Intel Linux box
using scp and it all seems to work fine.
Another box tries to connect and it gets a warning about the host
keysize not matching. I'm thinking this could be some byte swapping
issue because this box is running Solaris 2.6. This Solaris box is using
the EGD script for its random stuff, if that makes a difference. Anyone
have any ideas on where to start looking ? I'm willing to chase it
down.
I tried modifing the known_hosts file as the warning suggests to no
avail.
Heres the output of what I'm seeing:
The authenticity of host 'xxx.somewhere.net' can't be
established.
Key fingerprint is 1024
28:b0:37:af:d4:ec:09:1f:fb:4f:5e:47:e8:fb:b1:c8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx.somewhere.net,1.1.1.1'
to the list
of known hosts.
Warning: /usr/guest/.ssh/known_hosts, line 1: keysize
mismatch for host
xxx.somewhere.net: actual 1048 vs. announced 1024.
Warning: replace 1024 with 1048 in
/usr/guest/.ssh/known_hosts, line 1.
Warning: /usr/guest/.ssh/known_hosts, line 1: keysize
mismatch for host
1.1.1.1: actual 1048 vs. announced 1024.
Warning: replace 1024 with 1048 in
/usr/guest/.ssh/known_hosts, line 1.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now
(man-in-the-middle attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
Add correct host key in /usr/guest/.ssh/known_hosts to get
rid of this
message.
Host key for xxx.somewhere.net has changed and you have
requested strict
checking.
lost connection
Tim Farrell tfarrell-t at futuristics.net ( remove the -t to use this
address )
More information about the openssh-unix-dev
mailing list