ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Damien Miller
djm at mindrot.org
Wed Sep 16 16:25:08 AEST 2020
On Tue, 15 Sep 2020, Ryan Mulligan wrote:
> Hello.
>
> I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows
> the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host
> keys. My /etc/ssh/ssh_known_hosts file contains the server's
> ssh-ed25519 host key. When I try to SSH to the server I get this
> error:
>
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ECDSA key sent by the remote host is
> SHA256:{redacted}.
> Please contact your system administrator.
> Add correct host key in /home/ryantm/.ssh/known_hosts to get rid of
> this message.
> Offending ED25519 key in /etc/ssh/ssh_known_hosts:64
> ECDSA host key for HOST has changed and you have requested strict checking.
> Host key verification failed.
Can you share a debug trace from a connection that shows this error?
"ssh -vvv user at host"
-d
More information about the openssh-unix-dev
mailing list