Keysize mismatch error on host key

Tim G. Farrell tfarrell at futuristics.net
Sat Mar 18 11:26:16 EST 2000


Thanks for the reply Mate.

Problem is that scp puts that entry in there as part of its processing.
Is there a way to prevent scp from updating the known_host file
altogether ? Through config maybe ? I'll look into that. But if I side
step it this way can I be sure it won't choke on the next key lookup for
the identity of the sender ? I'll get back to list with the results.

Thanks

Tim

Mate Wierdl wrote:
> 
> So why not just delete the appropriate entry from the the local
> known_hosts file?
> 
> Mate
> On Fri, Mar 17, 2000 at 07:06:27PM -0500, Tim G. Farrell wrote:
> > I've got a problem that I'm hoping the list can help with, otherwise ...
> >
> > Heres the problem, I've got OpenSSH 1.2.2p1 running on my Intel Linux
> > box as the secure server. I can connect from another Intel Linux box
> > using scp and it all seems to work fine.
> >
> > Another box tries to connect and it gets a warning about the host
> > keysize not matching. I'm thinking this could be some byte swapping
> > issue because this box is running Solaris 2.6. This Solaris box is using
> > the EGD script for its random stuff, if that makes a difference. Anyone
> > have any ideas on where to start looking ? I'm willing to chase it
> > down.
> >
> > I tried modifing the known_hosts file as the warning suggests to no
> > avail.
> >
> > Heres the output of what I'm seeing:
> >
> > The authenticity of host 'xxx.somewhere.net' can't be
> > established.
> > Key fingerprint is 1024
> > 28:b0:37:af:d4:ec:09:1f:fb:4f:5e:47:e8:fb:b1:c8.
> > Are you sure you want to continue connecting (yes/no)? yes
> > Warning: Permanently added 'xxx.somewhere.net,1.1.1.1'
> > to the list
> > of known hosts.
> > Warning: /usr/guest/.ssh/known_hosts, line 1: keysize
> > mismatch for host
> > xxx.somewhere.net: actual 1048 vs. announced 1024.
> > Warning: replace 1024 with 1048 in
> > /usr/guest/.ssh/known_hosts, line 1.
> > Warning: /usr/guest/.ssh/known_hosts, line 1: keysize
> > mismatch for host
> > 1.1.1.1: actual 1048 vs. announced 1024.
> > Warning: replace 1024 with 1048 in
> > /usr/guest/.ssh/known_hosts, line 1.
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> > Someone could be eavesdropping on you right now
> > (man-in-the-middle attack)!
> > It is also possible that the host key has just been changed.
> > Please contact your system administrator.
> > Add correct host key in /usr/guest/.ssh/known_hosts to get
> > rid of this
> > message.
> > Host key for xxx.somewhere.net has changed and you have
> > requested strict
> > checking.
> > lost connection
> >
> > Tim Farrell tfarrell-t at futuristics.net ( remove the -t to use this
> > address )
> >
> 
> --
> ---
> Mate Wierdl | Dept. of Math. Sciences | University of Memphis

-- 
Tim Farrell     Futuristics, Inc        email:  tfarrell at futuristics.net
Senior          Suite 200               voice:  (724) 934-9750
Software        9500 Brooktree Rd.      fax:    (724) 934-9780
Engineer        Wexford, PA             15090  
http://www.futuristics.net

Tomorrow's results today!





More information about the openssh-unix-dev mailing list