Communication with the School of Computing servers via the Secure Shell (ssh
) protocol can occasionally fail due to configuration changes. The Secure Shell protocol uses shared public keys to verify connection to systems, and a mismatching key on either side of the connection can cause your ssh
command to fail.
An example of a ssh command failure:
cse$ ssh jdoe2@cse-linux-01.unl.edu
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:T5kekqZiuyhZ0vf74IpeN92Ll48p/0qoVfL1Y8Q1fow.
Please contact your system administrator.
Add correct host key in /Users/johndoe/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/johndoe/.ssh/known_hosts:28
Host key for cse-linux-01.unl.edu has changed and you have requested strict checking.
Host key verification failed.
cse$
The example indicates that the host key for the cse-linux-01.unl.edu server has changed. Servers receive their host key from their internet service provider, and changes to host names or expiration of host keys will result in a new host key being issued.
To fix this problem, the clue is already present in the output; notice the line Offending ECDSA key in /Users/johndoe/.ssh/known_hosts:28
. The message indicates the problem exists on your local system, in this case a Macbook pro, within the directory (folder) /Users/johndoe/.ssh where the known_hosts file has a line specific to the cse-linux-01 server. The fix is as easy as editing /Users/johndoe/.ssh/known_hosts and removing line 28. Now when you try the ssh jdoe2@cse-linux-01.unl.edu
command, you will be prompted to accept a new host key, and once you accept the key you can then enter the password for the account.