{"id":16156,"date":"2024-11-12T14:27:22","date_gmt":"2024-11-12T19:27:22","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?p=16156"},"modified":"2024-11-12T14:27:22","modified_gmt":"2024-11-12T19:27:22","slug":"ssh-key-exchange-errors","status":"publish","type":"post","link":"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/","title":{"rendered":"SSH Key Exchange Errors"},"content":{"rendered":"

Annually the SCS Linux Network hosts are upgraded, and the ssh-keys will no longer match. If you know that the server has been upgraded and your ssh-keys no longer match, then it will be safe to accept the new ssh key. Your system administrator will be able to confirm if this is due to a legitimate server upgrade or if it is a ‘man in the middle attack’.<\/em><\/p>\n

Putty Key Exchange Error<\/a><\/dt>

<\/p>\n

<\/a>Putty key exchange error<\/h3>\n

The windows Putty-ssh error will look like this:
\n\"\"<\/a>
\nSelect ‘Yes’ if you know that the host has been recently upgraded, otherwise select ‘Cancel’.
\n<\/p><\/dd>

<\/div>\n
x2g0 Key Exchange Error<\/a><\/dt>

<\/p>\n

<\/a>x2go key exchange error<\/h3>\n

If you attempt to connect via x2go, the key exchange error will be as follows:
\n\"\"<\/a>
\nAnd if you wish to accept the new ssh-key, you will need to select ‘No’ and then accept the new ssh-key
\n<\/p><\/dd>

<\/div>\n

<\/a>Linux: Host Identification has changed ERROR<\/h2>\n

In Linux, when a host has changed, it can generate the ‘host identification error’ and the entry can be updated as follows:
\nssh-keygen -R <user>@<hostname><\/code>
\nWhere <user> is your username and <hostname> is your destination hostname.<\/p>\n

Host Identification Changed Error - Example<\/a><\/dt>


\nExample<\/strong>: Updating the host identification<\/strong>
\nHere <user> johndoe<\/em> is trying to connect to <hostname> vmicron02<\/em>:
\nFirst johndoe gets this error:<\/strong>
\n[johndoe@access3 ~]$ ssh vmicron02
\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
\n@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
\nThe ECDSA host key for vmicron02 has changed,
\nand the key for the corresponding IP address 134.117.xxx.xxx
\nis unchanged. This could either mean that
\nDNS SPOOFING is happening or the IP address for the host
\nand its host key have changed at the same time.
\nOffending key for IP in \/home\/johndoe\/.ssh\/known_hosts:27
\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
\n@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!
\nIt is also possible that a host key has just been changed.
\nThe fingerprint for the ECDSA key sent by the remote host is
\nSHA256:tw38tTL+JOMbEAR4Mer0ZA\/gPYp4sIcXq5KWoS8n4.
\nPlease contact your system administrator.
\nAdd correct host key in \/home\/johndoe\/.ssh\/known_hosts to get rid of this message.
\nOffending RSA key in \/home\/johndoe\/.ssh\/known_hosts:15
\nECDSA host key for vmicron02 has changed and you have requested strict checking.
\nHost key verification failed.
\n<\/code>
\njohndoe fixes the error by removing the hosts from the known_hosts file:<\/strong>
\n[johndoe@access3 ~]$ ssh-keygen -R vmicron02
\n# Host vmicron02 found: line 13
\n# Host vmicron02 found: line 15
\n\/home\/johndoe\/.ssh\/known_hosts updated.
\nOriginal contents retained as \/home\/johndoe\/.ssh\/known_hosts.old
\n<\/code>
\njohndoe next attempt to ssh should succeed (once they agree to add the new<\/em> server to the known_hosts file):<\/strong>
\n[johndoe@access3 ~]$ ssh vmicron02
\nThe authenticity of host 'vmicron02 (134.117.xxx.xxx)' can't be established.
\nECDSA key fingerprint is SHA256:tw38tTL+JOMMEAR4Mer0ZA\/gPYNp4sIcXq5KWS8n4.
\nECDSA key fingerprint is MD5:a0:4:2c:43:a8:20:f:a1:d4:52:d1:52:11:e0:f5:e6.
\nAre you sure you want to continue connecting (yes\/no)? yes
\nWarning: Permanently added 'vmicron02' (ECDSA) to the list of known hosts.
\njohndoe@vmicron02's password:
\nWelcome to Ubuntu 20.04.1 LTS (GNU\/Linux 5.4.0-42-generic x86_64)
\nSchool of Computer Science
\n_____ _
\n\/ ___ \\ (_) www.scs.carleton.ca
\n| | | |____ _ ____ ____ ___ ____
\n| | | | \\| |\/ ___)\/ ___) _ \\| _ \\
\n| |___| | | | | ( (___| | | |_| | | | |
\n\\_____\/|_|_|_|_|\\____)_| \\___\/|_| |_|
\nL i n u x N e t w o r k<\/code><\/p>\n

<\/p><\/dd>

<\/div>\n

<\/a>No matching key exchange method found ERROR<\/h2>\n

Some ssh clients may complain about: \u201cUnable to negotiate with 134.117.xxx.xxx port 22: no matching key exchange method found.\u201d\u00a0<\/strong><\/p>\n

This is due to the destination server running an old ssh-cypher. Be aware that this may be an insecure connection as the cypher itself is no longer secure. You can try connecting as follows:<\/p>\n

ssh -oKexAlgorithms=+diffie-hellman-group1-sha1<\/code> access.scs.carleton.ca<\/pre>\n
You may want to contact the system administrator to inform them of the outdated ssh-server.<\/p>\n","protected":false},"excerpt":{"rendered":"
Annually the SCS Linux Network hosts are upgraded, and the ssh-keys will no longer match. If you know that the server has been upgraded and your ssh-keys no longer match, then it will be safe to accept the new ssh key. Your system administrator will be able to confirm if this is due to a […]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_mi_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[99],"tags":[],"yoast_head":"\nSSH Key Exchange Errors - School of Computer Science<\/title>\n<meta name=\"description\" content=\"Annually the SCS Linux Network hosts are upgraded, and the ssh-keys will no longer match. If you know that the server has been upgraded and your ssh-keys\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"andrewmiles\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/\",\"url\":\"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/\",\"name\":\"SSH Key Exchange Errors - School of Computer Science\",\"isPartOf\":{\"@id\":\"https:\/\/carleton.ca\/scs\/#website\"},\"datePublished\":\"2024-11-12T19:27:22+00:00\",\"dateModified\":\"2024-11-12T19:27:22+00:00\",\"author\":{\"@id\":\"https:\/\/carleton.ca\/scs\/#\/schema\/person\/4e1d5bf0bd5cb81ae5b0d52abc464e16\"},\"description\":\"Annually the SCS Linux Network hosts are upgraded, and the ssh-keys will no longer match. If you know that the server has been upgraded and your ssh-keys\",\"breadcrumb\":{\"@id\":\"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/carleton.ca\/scs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Technical Support\",\"item\":\"https:\/\/carleton.ca\/scs\/category\/technicalsupport\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ssh\",\"item\":\"https:\/\/carleton.ca\/scs\/category\/technicalsupport\/ssh\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"SSH Key Exchange Errors\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/carleton.ca\/scs\/#website\",\"url\":\"https:\/\/carleton.ca\/scs\/\",\"name\":\"School of Computer Science\",\"description\":\"Carleton University\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/carleton.ca\/scs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/carleton.ca\/scs\/#\/schema\/person\/4e1d5bf0bd5cb81ae5b0d52abc464e16\",\"name\":\"andrewmiles\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/carleton.ca\/scs\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7ffa32223ce1193dbddec8f915fed262?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7ffa32223ce1193dbddec8f915fed262?s=96&d=mm&r=g\",\"caption\":\"andrewmiles\"},\"description\":\"Sr. Systems Administrator for the School of Computer Science\",\"sameAs\":[\"http:\/\/carleton.ca\/scs\",\"https:\/\/twitter.com\/Carleton_U_SCS\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SSH Key Exchange Errors - School of Computer Science","description":"Annually the SCS Linux Network hosts are upgraded, and the ssh-keys will no longer match. If you know that the server has been upgraded and your ssh-keys","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/","twitter_misc":{"Written by":"andrewmiles","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/","url":"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/","name":"SSH Key Exchange Errors - School of Computer Science","isPartOf":{"@id":"https:\/\/carleton.ca\/scs\/#website"},"datePublished":"2024-11-12T19:27:22+00:00","dateModified":"2024-11-12T19:27:22+00:00","author":{"@id":"https:\/\/carleton.ca\/scs\/#\/schema\/person\/4e1d5bf0bd5cb81ae5b0d52abc464e16"},"description":"Annually the SCS Linux Network hosts are upgraded, and the ssh-keys will no longer match. If you know that the server has been upgraded and your ssh-keys","breadcrumb":{"@id":"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/carleton.ca\/scs\/2024\/ssh-key-exchange-errors\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/carleton.ca\/scs\/"},{"@type":"ListItem","position":2,"name":"Technical Support","item":"https:\/\/carleton.ca\/scs\/category\/technicalsupport\/"},{"@type":"ListItem","position":3,"name":"ssh","item":"https:\/\/carleton.ca\/scs\/category\/technicalsupport\/ssh\/"},{"@type":"ListItem","position":4,"name":"SSH Key Exchange Errors"}]},{"@type":"WebSite","@id":"https:\/\/carleton.ca\/scs\/#website","url":"https:\/\/carleton.ca\/scs\/","name":"School of Computer Science","description":"Carleton University","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/carleton.ca\/scs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/carleton.ca\/scs\/#\/schema\/person\/4e1d5bf0bd5cb81ae5b0d52abc464e16","name":"andrewmiles","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/carleton.ca\/scs\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7ffa32223ce1193dbddec8f915fed262?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7ffa32223ce1193dbddec8f915fed262?s=96&d=mm&r=g","caption":"andrewmiles"},"description":"Sr. Systems Administrator for the School of Computer Science","sameAs":["http:\/\/carleton.ca\/scs","https:\/\/twitter.com\/Carleton_U_SCS"]}]}},"acf":{"Post Thumbnail Icon":"","Post Thumbnail":false},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/posts\/16156"}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=16156"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/posts\/16156\/revisions"}],"predecessor-version":[{"id":16157,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/posts\/16156\/revisions\/16157"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=16156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/categories?post=16156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/tags?post=16156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}