Security
For security reasons, you should only log in using cryptographically secured (encrypted) protocols to avoid eavesdropping or manipulating passwords or data.
Fingerprints
List of uniform SSH fingerprints since Feb. 26, 2024 for tux{1,2,3,5,6,8,9}:RSA | SHA256:fTTLVdw9wTmw7VvZzmxUGqGfZMG0AdaUxks0CgBRj9M | ECDSA | SHA256:JC/1gj/B3qfuCtdoSK+rPYVT78eTo1Ow2sBBGTNdP9Y |
---|---|
ED25519 | SHA256:qrOhSlUOR1Iu+49zNKOhYFZsWOuNnzZuHMNtkTFGqG4 |
Modifying the SSH Host Key
The servers tux{1,2,5,6,9} of the training cluster
at SCI were converted to virtual machines at the beginning of May 2012. In the process,
the SSH host keys of all servers were also unified
and the following warning may therefore appear when logging in to SSH for the first time:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
85:70:0d:ca:b8:50:bb:31:9b:50:88:a2:25:25:ff:1d
Please contact your system administrator.
Add correct host key in /home/p_muster/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/p_muster/.ssh/known_hosts:96
remove with: ssh-keygen -f "/home/p_muster/.ssh/known_hosts" -R tux9
RSA host key for tux9 has changed and you have requested strict checking.
Host key verification failed.
Exit 255
The computer you are connecting to keeps a list of the SSH host keys it knows so far.
Under Linux, this list is usually kept in the file ~/.ssh/known_hosts.
.
To accept the new host-key you must first remove the old entries!
You can either use the following script in the Bash-Shell:
or use the expanded command sequences in the shell of your choice:
ssh-keygen -R tux1.cs.uni-kl.de
ssh-keygen -R tux1.informatik.uni-kl.de
ssh-keygen -R 131.246.161.65
ssh-keygen -R tux2
ssh-keygen -R tux2.cs.uni-kl.de
ssh-keygen -R tux2.informatik.uni-kl.de
ssh-keygen -R 131.246.161.66
ssh-keygen -R tux3
ssh-keygen -R tux3.cs.uni-kl.de
ssh-keygen -R tux3.informatik.uni-kl.de
ssh-keygen -R 131.246.161.67
ssh-keygen -R tux4
ssh-keygen -R tux4.cs.uni-kl.de
ssh-keygen -R tux4.informatik.uni-kl.de
ssh-keygen -R 131.246.161.196
ssh-keygen -R tux5
ssh-keygen -R tux5.cs.uni-kl.de
ssh-keygen -R tux5.informatik.uni-kl.de
ssh-keygen -R 131.246.161.198
ssh-keygen -R tux7
ssh-keygen -R tux7.cs.uni-kl.de
ssh-keygen -R tux7.informatik.uni-kl.de
ssh-keygen -R 131.246.161.186
ssh-keygen -R tux8
ssh-keygen -R tux8.cs.uni-kl.de
ssh-keygen -R tux8.informatik.uni-kl.de
ssh-keygen -R 131.246.161.185
ssh-keygen -R tux9
ssh-keygen -R tux9.cs.uni-kl.de
ssh-keygen -R tux9.informatik.uni-kl.de
ssh-keygen -R 131.246.161.187
Adaptation using the example of tux9
ssh-keygen -R tux9.cs.uni-kl.de
ssh-keygen -R tux9.informatik.uni-kl.de
ssh-keygen -R 131.246.161.187
ssh p_muster@tux9.cs.uni-kl.de
The authenticity of host 'tux9 (131.246.161.187)' can't be established.
ECDSA key fingerprint is 98:ca:79:da:bc:e2:6a:9b:d5:bd:8f:46:a0:19:63:e2.
Are you sure you want to continue connecting (yes/no)?
Confirm with "yes" if the fingerprint matches the one published on this website,
i.e. ECDSA98:ca:79:da:bc:e2:6a:9b:d5:bd:8f:46:a0:19:63:e2.
The new SSH key for tux9
was thus transferred to the file ~/.ssh/known_hosts
and the connection should be established without warning at the next SSH login.