Hack 13. Login to Remote Host using SSH
by Ramesh
The First time when you login to a remotehost from a localhost, it will display the host key not found message and you can give “yes” to continue. The host key of the remote host will be added under .ssh2/hostkeys directory of your home directory, as shown below.
- localhost$ ssh -l jsmith remotehost.example.com
- Host key not found from database.
- Key fingerprint:
- xabie-dezbc-manud-bartd-satsy-limit-nexiu-jambl-title-jarde-tuxum
- You can get a public key’s fingerprint by running
- % ssh-keygen -F publickey.pub
- on the keyfile.
- Are you sure you want to continue connecting (yes/no)? Yes
- Host key saved to /home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pub
- host key for remotehost.example.com, accepted by jsmith Mon May 26 2008 16:06:50 -0700
- jsmith@remotehost.example.com password:
- remotehost.example.com$
- The Second time when you login to the remote host from the localhost, it will prompt only for the password as the remote host key is already added to the known hosts list of the ssh client.
- localhost$ ssh -l jsmith remotehost.example.com
- jsmith@remotehost.example.com password:
- remotehost.example.com$
For some reason, if the host key of the remote host is changed after you logged in for the first time, you may get a warning message as shown below. This could be because of various reasons such as:
- Sysadmin upgraded/reinstalled the SSH server on the remote host
- Someone is doing malicious activity etc.,
The best possible action to take before saying “yes” to the message below, is to call your sysadmin and identify why you got the host key changed message and verify whether it is the correct host key or not.
- localhost$ ssh -l jsmith remotehost.example.com
- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
- @ WARNING: HOST IDENTIFICATION HAS CHANGED! @
- @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
- IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
- Someone could be eavesdropping on you right now (man-in-the-middle attack)!
- It is also possible that the host key has just been changed.
- Please contact your system administrator.
- Add correct host key to “/home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pub”
- to get rid of this message.
- Received server key’s fingerprint:
- xabie-dezbc-manud-bartd-satsy-limit-nexiu-jambl-title-arde-tuxum
- You can get a public key’s fingerprint by running
- % ssh-keygen -F publickey.pub
- on the keyfile.
- Agent forwarding is disabled to avoid attacks by corrupted servers.
- Are you sure you want to continue connecting (yes/no)? yes
- Do you want to change the host key on disk (yes/no)? yes
- Agent forwarding re-enabled.
- Host key saved to /home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pub
- host key for remotehost.example.com, accepted by jsmith Mon May 26 2008 16:17:31 -0700
- jsmith @remotehost.example.com’s password:
- remotehost$
当前内容版权归 Ramesh Natarajan 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 Ramesh Natarajan .