Hack 13. Login to Remote Host using SSH

by Ramesh

The First time when you login to a remotehost from a localhost, it will display the host key not found message and you can give “yes” to continue. The host key of the remote host will be added under .ssh2/hostkeys directory of your home directory, as shown below.

  1. localhost$ ssh -l jsmith remotehost.example.com
  2.  
  3. Host key not found from database.
  4. Key fingerprint:
  5. xabie-dezbc-manud-bartd-satsy-limit-nexiu-jambl-title-jarde-tuxum
  6. You can get a public keys fingerprint by running
  7. % ssh-keygen -F publickey.pub
  8. on the keyfile.
  9. Are you sure you want to continue connecting (yes/no)? Yes
  10.  
  11. Host key saved to /home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pub
  12. host key for remotehost.example.com, accepted by jsmith Mon May 26 2008 16:06:50 -0700
  13. jsmith@remotehost.example.com password:
  14.  
  15. remotehost.example.com$
  16.  
  17. The Second time when you login to the remote host from the localhost, it will prompt only for the password as the remote host key is already added to the known hosts list of the ssh client.
  18.  
  19. localhost$ ssh -l jsmith remotehost.example.com
  20. jsmith@remotehost.example.com password: 
  21.  
  22. remotehost.example.com$

For some reason, if the host key of the remote host is changed after you logged in for the first time, you may get a warning message as shown below. This could be because of various reasons such as:

  • Sysadmin upgraded/reinstalled the SSH server on the remote host
  • Someone is doing malicious activity etc.,

The best possible action to take before saying “yes” to the message below, is to call your sysadmin and identify why you got the host key changed message and verify whether it is the correct host key or not.

  1. localhost$ ssh -l jsmith remotehost.example.com
  2.  
  3. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  4. @       WARNING: HOST IDENTIFICATION HAS CHANGED!         @
  5. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  6. IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
  7. Someone could be eavesdropping on you right now (man-in-the-middle attack)!
  8. It is also possible that the host key has just been changed.
  9. Please contact your system administrator.
  10. Add correct host key to “/home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pub
  11. to get rid of this message.
  12. Received server keys fingerprint:
  13. xabie-dezbc-manud-bartd-satsy-limit-nexiu-jambl-title-arde-tuxum
  14. You can get a public keys fingerprint by running
  15. % ssh-keygen -F publickey.pub
  16. on the keyfile.
  17. Agent forwarding is disabled to avoid attacks by corrupted servers.
  18. Are you sure you want to continue connecting (yes/no)? yes
  19.  
  20. Do you want to change the host key on disk (yes/no)? yes
  21.  
  22. Agent forwarding re-enabled.
  23. Host key saved to /home/jsmith/.ssh2/hostkeys/key_22_remotehost.example.com.pub
  24. host key for remotehost.example.com, accepted by jsmith Mon May 26 2008 16:17:31 -0700
  25.  
  26. jsmith @remotehost.example.coms password: 
  27.  
  28. remotehost$