Re: Does anyone ssh into shell.panix.com? Help?
- From: Tim Greer <tim@xxxxxxxxxxxxx>
- Date: Mon, 16 Feb 2009 17:53:27 -0800
Paul Ciszek wrote:

> When you shell into shell.panix.com, you get forwarded to one of three
> (maybe it's more by now) actual machines. As a result, most of the
> time the host key doesn't match, and I get this message:
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> The DSA host key for shell.panix.com has changed,
> and the key for the corresponding IP address 166.84.1.2
> is unknown. This could either mean that
> DNS SPOOFING is happening or the IP address for the host
> and its host key have changed at the same time.
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle
> attack)! It is also possible that the DSA host key has just been
> changed. The fingerprint for the DSA key sent by the remote host is
> c3:66:bb:40:52:99:67:5d:af:21:a6:0c:f6:4b:ce:b3.
> Please contact your system administrator.
> Add correct host key in /home/pciszek/.ssh/known_hosts to get rid of
> this message. Offending key in /home/pciszek/.ssh/known_hosts:1
> DSA host key for shell.panix.com has changed and you have requested
> strict checking. Host key verification failed.
>
> Now, I can just keep trying ssh pciszek@xxxxxxxxxxxxxxx over and over
> until by chance I get connected to the one machine that matches the
> key, presumably the same machine I was connected to the first time I
> ssh'ed into panix from this PC. But I would like a better solution.
>
> What gets me is the phrase "...and you have requested strict
> checking."
>
> I didn't! I didn't request any checking at all! If there were a way
> to request non-strict checking, I would!
>
> Any advice?

This appears to be some load balancing going on, if it's changing for
the domain to resolve to different systems/IPs. They have their keys
out of sync. Perhaps notify them. Or, if you can, maybe see if you
can just log into the system IP in the future, so you're always
connecting to the same system more often (hopefully, since there's no
reason why the IP wouldn't resolve to different servers as well, and
this might depend on how they are rotating through the systems, such as
DNS round-robin or another solution). I'd recommend you ask them (I've
never used them, just offering my advice).
--
Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
Industry's most experienced staff! -- Web Hosting With Muscle!
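
The warning quoted in this message reports the name's key as "changed" and the IP's key as "unknown" because known_hosts holds a single key for a name that several machines answer to. As an added illustration that is not part of the original thread, this Python sketch parses known_hosts text and shows that one name may carry several key lines, so every backend can be pinned with strict checking left on. The key blobs are constructed placeholders, the function names are hypothetical, and it assumes each backend's key has been confirmed with the provider before being added.

```python
import base64
import hashlib
import hmac

def fingerprint_md5(key_b64):
    """Colon-separated MD5 fingerprint, the format shown in the warning above."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def name_matches(pattern, name):
    """Match a plain or hashed (|1|salt|hash) known_hosts name; wildcards not handled."""
    if pattern.startswith("|1|"):
        salt, digest = (base64.b64decode(p) for p in pattern[3:].split("|"))
        return hmac.compare_digest(hmac.new(salt, name.encode(), hashlib.sha1).digest(), digest)
    return pattern == name

def keys_for(known_hosts_text, name, key_type):
    """All keys of key_type recorded for name; several lines per name are allowed."""
    keys = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank, comment, or @cert-authority/@revoked marker line
        if fields[1] == key_type and any(name_matches(p, name) for p in fields[0].split(",")):
            keys.append(fields[2])
    return keys

def status(known_hosts_text, name, key_type, offered_b64):
    """'match', 'changed' (other keys on file for name) or 'unknown' (none on file)."""
    keys = keys_for(known_hosts_text, name, key_type)
    if offered_b64 in keys:
        return "match"
    return "changed" if keys else "unknown"

# Constructed sample data: placeholder bytes, not real host keys.
def fake_key(machine):
    return base64.b64encode(b"\x00\x00\x00\x07ssh-dss" + machine.encode()).decode()

KEY_A, KEY_B = fake_key("backend-a"), fake_key("backend-b")
ONE_KEY = f"shell.panix.com ssh-dss {KEY_A}\n"               # what the first login stored
ALL_KEYS = ONE_KEY + f"shell.panix.com ssh-dss {KEY_B}\n"    # one line per backend

if __name__ == "__main__":
    for label, text in (("one key", ONE_KEY), ("all keys", ALL_KEYS)):
        print(label, status(text, "shell.panix.com", "ssh-dss", KEY_B),
              status(text, "166.84.1.2", "ssh-dss", KEY_B), fingerprint_md5(KEY_B))
```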