Service-Center Informatik

Security

For security reasons, you should only log in using cryptographically secured (encrypted) protocols to avoid eavesdropping or manipulating passwords or data.

fingerprints

List of uniform SSH fingerprints since May 1, 2012 for tux{1,2,5,6,9}:
    RSA85:70:0d:ca:b8:50:bb:31:9b:50:88:a2:25:25:ff:1d
    DSA82:cf:ad:99:35:ec:c5:38:d3:df:bb:d2:a8:4c:a1:7e
    ECDSA98:ca:79:da:bc:e2:6a:9b:d5:bd:8f:46:a0:19:63:e2

Modifying the SSH Host Key

The servers tux{1,2,5,6,9} of the training cluster at SCI were converted to virtual machines at the beginning of May 2012. In the process, the SSH host keys of all servers were also unified
and the following warning may therefore appear when logging in to SSH for the first time:

ssh p_muster@tux9.cs.uni-kl.de

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
85:70:0d:ca:b8:50:bb:31:9b:50:88:a2:25:25:ff:1d
Please contact your system administrator.
Add correct host key in /home/p_muster/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/p_muster/.ssh/known_hosts:96
remove with: ssh-keygen -f "/home/p_muster/.ssh/known_hosts" -R tux9
RSA host key for tux9 has changed and you have requested strict checking.
Host key verification failed.
Exit 255

The computer you are connecting to keeps a list of the SSH host keys it knows so far. Under Linux, this list is usually kept in the file ~/.ssh/known_hosts.
. To accept the new host-key you must first remove the old entries!
You can either use the following script in the Bash-Shell:

for i in tux{1..9} ; do for j in $i $i.{cs,informatik}.uni-kl.de `gethostip -d $i.informatik.uni-kl.de` ; do ssh-keygen -R $j ; done ; done

or use the expanded command sequences in the shell of your choice:

ssh-keygen -R tux1
ssh-keygen -R tux1.cs.uni-kl.de
ssh-keygen -R tux1.informatik.uni-kl.de
ssh-keygen -R 131.246.161.65

ssh-keygen -R tux2
ssh-keygen -R tux2.cs.uni-kl.de
ssh-keygen -R tux2.informatik.uni-kl.de
ssh-keygen -R 131.246.161.66

ssh-keygen -R tux3
ssh-keygen -R tux3.cs.uni-kl.de
ssh-keygen -R tux3.informatik.uni-kl.de
ssh-keygen -R 131.246.161.67

ssh-keygen -R tux4
ssh-keygen -R tux4.cs.uni-kl.de
ssh-keygen -R tux4.informatik.uni-kl.de
ssh-keygen -R 131.246.161.196

ssh-keygen -R tux5
ssh-keygen -R tux5.cs.uni-kl.de
ssh-keygen -R tux5.informatik.uni-kl.de
ssh-keygen -R 131.246.161.198

ssh-keygen -R tux7
ssh-keygen -R tux7.cs.uni-kl.de
ssh-keygen -R tux7.informatik.uni-kl.de
ssh-keygen -R 131.246.161.186

ssh-keygen -R tux8
ssh-keygen -R tux8.cs.uni-kl.de
ssh-keygen -R tux8.informatik.uni-kl.de
ssh-keygen -R 131.246.161.185

ssh-keygen -R tux9
ssh-keygen -R tux9.cs.uni-kl.de
ssh-keygen -R tux9.informatik.uni-kl.de
ssh-keygen -R 131.246.161.187

Adaptation using the example of tux9

ssh-keygen -R tux9
ssh-keygen -R tux9.cs.uni-kl.de
ssh-keygen -R tux9.informatik.uni-kl.de
ssh-keygen -R 131.246.161.187
ssh p_muster@tux9.cs.uni-kl.de

The authenticity of host 'tux9 (131.246.161.187)' can't be established.
ECDSA key fingerprint is 98:ca:79:da:bc:e2:6a:9b:d5:bd:8f:46:a0:19:63:e2.
Are you sure you want to continue connecting (yes/no)?

Confirm with "yes" if the fingerprint matches the one published on this website, i.e. ECDSA98:ca:79:da:bc:e2:6a:9b:d5:bd:8f:46:a0:19:63:e2.
The new SSH key for tux9 was thus transferred to the file ~/.ssh/known_hosts and the connection should be established without warning at the next SSH login.