SSH: Duplicate SSH Host Keys

by Curtis Smith

Overview

On Monday, October 10th, 2005, ECN will be updating UNIX hosts that have Secure Shell host keys that are duplicates of other Secure Shell host keys. After the changes are complete, it might be possible that Secure Shell will start complaining about invalid host keys when it did not complain before.

This document will describe what Secure Shell (ssh) host keys do and how to fix connection problems should the database update break a previously operating connection.

How SSH Works

Ssh is a safer alternative to the telnet command. It allows for terminal communication to a remote host, but encrypts the communication stream so that someone snooping for network packets between the two hosts cannot read the communication data, including sensitive information such as passwords.

In order for ssh to work effectively, each host creates a host key. The host key should be unique for each host and should be used to verify that the host you are attempting to connect to is truly the host you are connecting to. Without verifying the host's key, you might be subjected to a "man in the middle" attack.

Verifying that the connection to the remote host makes it to the correct host is as important as keeping your password secret. If another host can replace the correct host, then it could also be stealing your password.

Fortunately, ssh automatically verifies that the host is authentic by comparing the host key in a local database against what the host sends when you connect.

There are two places where the host key is kept. There is a master host key database and a personal host key database. The master host key database is created by ECN with all of the ECN hosts already populated and is satisfactory for most situations. The personal database stores additional host keys when you communicate with a host not supported or outside of the ECN network.

Details

ECN maintains a master list of host keys for all ECN support UNIX hosts. This master list is used in order to assist users with connections without having to verify the identity of remote hosts when connecting with ssh.

The master database file is located in either /var/ssh/ssh_known_hosts or /etc/ssh/ssh_known_hosts depending on where the operating system places the master file.

When we change some of the host keys on October 10th, we will also update the master ECN host key database with the new key information.

The Problem

The problem with changing a host key arises when the personal database of ssh host keys has an old key and conflicts with the new host key. For example, here I attempt to connect to Shay, and I have inadvertently stored a different host key for Shay:

min$ slogin shay
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
7d:2d:6a:a0:70:28:28:f2:98:1d:53:96:e2:ff:5a:28.
Please contact your system administrator.
Add correct host key in /home/shay/a/bliga/.ssh/known_hosts to get rid of this message.
Offending key in /home/shay/a/bliga/.ssh/known_hosts:3
RSA host key for shay.ecn.purdue.edu has changed and you have requested strict checking.
Host key verification failed.
min$ 

In this case, the host key for Shay is in ssh's personal host key file and is conflicting with the one presented by the host.

When this conflict arises, check to see if the host key really has changed (there is a list farther down this page).

To clear the error, delete the old host key and attempt to reconnect to the host. Without the host key in your personal database, ssh may begin by prompting you to confirm that the new host key needs storing. Type yes to confirm the new key and you're done.

Deleting the ssh host key from your personal database will depend on the ssh client. On the UNIX systems, the personal host key data is stored in your home directory in a file called .ssh/known_hosts. The file contains one line for each host and type of key. Delete all lines that match the name of the host and save the file.

On PC computers, the database is located in different spots depending on the client software. For example, using SecureCRT, go to the menu item Options -> Global Options..., then click on the option for SSH2 -> Host Keys. Click on the host name and click on Delete.

Key Changes

There are three types of changes that will occur on October 10th.

Complete Key Changes

In the following list of hosts, all of the Secure Shell host keys will changes. There are three types of keys available to each host: (1) the ssh version 1 key, (2) the ssh version 2 key using RSA authentication, and (3) the ssh version 2 key using DSA authentication.

HostName
cable.ecn.purdue.edu
ee51pc6.ecn.purdue.edu
ee51pc7.ecn.purdue.edu
ee51pc8.ecn.purdue.edu
elwom12.ecn.purdue.edu
kangaroo.ecn.purdue.edu
newbridge.ecn.purdue.edu

SSH1 Key Changes

In the following list of hosts, only the ssh version 1 key will change. This change is probably the least bothersome as most all ssh communications is done using ssh version 2 protocol.

HostName
aldebaran.ecn.purdue.edu
arcuri.ecn.purdue.edu
astra.ecn.purdue.edu
au111.ecn.purdue.edu
bahler.ecn.purdue.edu
balser.ecn.purdue.edu
banner.ecn.purdue.edu
beckman.ecn.purdue.edu
bodette.ecn.purdue.edu
bollenbach.ecn.purdue.edu
brumbaugh.ecn.purdue.edu
burstein.ecn.purdue.edu
cloaca.ecn.purdue.edu
copper.ecn.purdue.edu
crocodile.ecn.purdue.edu
days.ecn.purdue.edu
ellinika.ecn.purdue.edu
errol.ecn.purdue.edu
farohar.ecn.purdue.edu
flotsam.ecn.purdue.edu
goble.ecn.purdue.edu
greber.ecn.purdue.edu
gris228bsun.ecn.purdue.edu
gris385sun.ecn.purdue.edu
hallenbeck.ecn.purdue.edu
jbmaple.ecn.purdue.edu
jetsam.ecn.purdue.edu
johnson.ecn.purdue.edu
krause.ecn.purdue.edu
lawrie.ecn.purdue.edu
lindsey.ecn.purdue.edu
lionel.ecn.purdue.edu
lytal.ecn.purdue.edu
mandarin.ecn.purdue.edu
maul.ecn.purdue.edu
mayer.ecn.purdue.edu
mseecons2.ecn.purdue.edu
mseecons3.ecn.purdue.edu
neil.ecn.purdue.edu
newport.ecn.purdue.edu
olympus.ecn.purdue.edu
pi.ecn.purdue.edu
ppl-03.ecn.purdue.edu
ppl-04.ecn.purdue.edu
ppl-05.ecn.purdue.edu
quantum.ecn.purdue.edu
quigon.ecn.purdue.edu
redmon.ecn.purdue.edu
ren.ecn.purdue.edu
robuck.ecn.purdue.edu
sample.ecn.purdue.edu
scharlach.ecn.purdue.edu
schiewe.ecn.purdue.edu
schmeid.ecn.purdue.edu
schwomeyer.ecn.purdue.edu
shania.ecn.purdue.edu
sheehan.ecn.purdue.edu
sohmm.ecn.purdue.edu
stamm.ecn.purdue.edu
steffey.ecn.purdue.edu
stevenson.ecn.purdue.edu
stidham.ecn.purdue.edu
stutesman.ecn.purdue.edu
sullivan.ecn.purdue.edu
tappanzee.ecn.purdue.edu
terl.ecn.purdue.edu
vogelpohl.ecn.purdue.edu
wea.nserl.purdue.edu
wickliffe.ecn.purdue.edu
yenik.ecn.purdue.edu

Removal From Database

Finally, in the following list of hosts, all keys will be removed from the master database. These hosts are a set no longer under ECN support.

HostName
backtwo.ecn.purdue.edu
chme114nas1.ecn.purdue.edu
chme306pc3.ecn.purdue.edu
ee176pc1.ecn.purdue.edu
frny221pc02.ecn.purdue.edu
frny311pc04.ecn.purdue.edu
srge01.ecn.purdue.edu
svenska.ecn.purdue.edu

Conclusion

If you have any questions or concerns, feel free to contact the ECN Software Support Staff at software@ecn.purdue.edu.

Last modified: 2007/10/09 13:10:52.226000 GMT-4 by curtis.f.smith.1
Created: 2007/10/09 13:10:52.226000 GMT-4 by brian.r.brinegar.1.

Categories

Search

Type in a few keywords describing what information you are looking for in the text box below.

Admin Options: Edit this Document