ssh-ed25519 and ecdsa-sha2-nistp256 host keys

Damien Miller djm at mindrot.org
Wed Sep 16 16:25:08 AEST 2020


On Tue, 15 Sep 2020, Ryan Mulligan wrote:

> Hello.
> 
> I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows
> the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host
> keys. My /etc/ssh/ssh_known_hosts file contains the server's
> ssh-ed25519 host key. When I try to SSH to the server I get this
> error:
> 
> 
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ECDSA key sent by the remote host is
> SHA256:{redacted}.
> Please contact your system administrator.
> Add correct host key in /home/ryantm/.ssh/known_hosts to get rid of
> this message.
> Offending ED25519 key in /etc/ssh/ssh_known_hosts:64
> ECDSA host key for HOST has changed and you have requested strict checking.
> Host key verification failed.

Can you share a debug trace from a connection that shows this error?
"ssh -vvv user@host"

-d


More information about the openssh-unix-dev mailing list