Saturday, July 12, 2008

What they don't want you to know about ssh

Jokey title just to get your attention -- sort of thing you'd see on Digg or, worse, Reddit.
But there is an interesting human trait hidden in this title: the assumption that the world is divided into two groups, us (of which group I'm, of course, a part and who are good, kind-hearted, fun-loving, normal people who base their visible lifestyle and public opinions on all the appropriate zeitgeists) and them (whose only purpose in life is to prevent in the most heinous manner "us" from having fun and continuing peaceably with our good lives. They are just plain "bad" people and there's an awful lot of them about). Note that "them" refers to the "they" who just don't want you to know so much stuff.
Of course, it must be clear to anybody whose brain is properly functioning, AND at the same time is at least as big as a peanut, that this is complete nonsense.
Nevertheless, because of its prevalence in modern thought, it seems to be something that was useful in our evolution from the brutes of 150,000 years ago into, well, the brutes we are today.
But while this belief may well have been useful to our hairy, uncultured raw-meat devouring ancestors, I have doubts about how beneficial it is in our slightly more enlightened times.

OK, enough philosophising, what did I intend to talk about?
Well, I had mentioned a day or two ago that I wasn't able to ssh from Foresight (Dell) to Foresight (Mac). Part of this was because I hadn't properly started sshd on the server (Foresight-mac) but I got over that as explained yesterday.
Then when I tried again I got this message:


and a lot more stuff finally ending in
Host key verification failed.

The problem here is that the rsa key already stored in ~/.ssh/known_hosts for this IP belonged to Ubuntu, which uses the same IP.
But why could it not just write the Foresight server rsa key into the same file without overwriting what was already there?
Probably for security reasons. After all, if that were the case, then essentially any hacker could cause you to connect to a hacked computer. Nasty!
Nevertheless, it's perhaps surprising that you're not given the option to accept another rsa key.
In any event this is easy to do manually.
First, just delete your present ~/.ssh/known_hosts file (having first copied it somewhere). Then try the ssh -X command again. This time, it will write the key to your known_hosts file. Now, you just have to copy the old key from the copy of the file you deleted and paste this into your newly generated ~/.ssh/known_hosts file.
Now, you can ssh into either Ubuntu or Foresight at (this is my situation).
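
The copy-and-paste step above can also be done as a merge that keeps both keys and then lists which hosts ended up with more than one. This is an added example, not part of the original post; the function names, the address 192.168.1.20 and the key blobs are constructed placeholders, and it assumes unhashed host names (HashKnownHosts off).

```shell
#!/bin/sh
# Added example: merge a saved known_hosts back into the regenerated one.
# Assumes plain (unhashed) host names, i.e. HashKnownHosts is off.

# merge_known_hosts BACKUP CURRENT
# Append every entry of BACKUP that CURRENT lacks; never removes anything.
merge_known_hosts() {
    tmp=$(mktemp) || return 1
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next }  # remember CURRENT
         /^[ \t]*(#|$)/ { next }                     # skip comments, blanks
         !seen[$0]++ { print }                       # entry only in BACKUP
    ' "$2" "$1" > "$tmp" && cat "$tmp" >> "$2"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# multi_key_hosts FILE
# Print "host keytype count" for each host that has more than one key of the
# same type: the dual-boot case, and the entries worth checking by hand.
multi_key_hosts() {
    awk '/^[ \t]*(#|$)/ || /^@/ { next }             # skip comments, markers
         { n = split($1, h, ",")
           for (i = 1; i <= n; i++) count[h[i] " " $2]++ }
         END { for (k in count) if (count[k] > 1) print k, count[k] }
    ' "$1" | sort
}

# make_sample DIR: constructed data; address and key blobs are placeholders.
make_sample() {
    printf '%s\n' '192.168.1.20 ssh-rsa AAAAB3PLACEHOLDERubuntu' \
        'example.org,203.0.113.7 ssh-rsa AAAAB3PLACEHOLDERother' \
        > "$1/known_hosts.bak"
    printf '%s\n' '192.168.1.20 ssh-rsa AAAAB3PLACEHOLDERforesight' \
        > "$1/known_hosts"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir"
    merge_known_hosts "$dir/known_hosts.bak" "$dir/known_hosts"
    multi_key_hosts "$dir/known_hosts"     # prints: 192.168.1.20 ssh-rsa 2
    rm -rf "$dir"
}
demo
```

Each host it lists has more than one accepted key, so confirm that every one of them belongs to a system you actually run at that address.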

Edit (12-07-08):
Actually, in the various attempts I made today to connect to various servers, mostly the client did write the "new" rsa key to ~/.ssh/known_hosts although two or three times it didn't. As of now, I really don't understand why sometimes it did and sometimes it didn't. Can't rule out that it was just a silly mistake of mine at this stage.
