Results 1 to 10 of 10
  1. n0cud06#WN's Avatar
    Posts
    8 Posts
    Global Posts
    9 Global Posts
       #1  
    hi guys, I got a new Pre (headset jack stop working on one side) and I tried to install ssh again but this time I installed dropbear instead of openSSH then I read I would not be able to forward ports with dropbear so I remove the pkg and installed openssh without any problems-

    however when I try to connect ssh -p 222 PRE-USERNAME@YOUR-PRE-IP-ADDR this funny message comes up and won't connect - DID NOT TRY DROPBEAR SO I DON'T KNOW IF IT WAS DOING THAT WITH DROPBEAR AS WELL.

    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    5e:f6:8e:a2:55:a6:8f:3e:27:ea:54:89:82:35:54:49.
    Please contact your system administrator.
    Add correct host key in /Users/marantes/.ssh/known_hosts to get rid of this message.
    Offending key in /Users/------/.ssh/known_hosts:8
    RSA host key for [192.168.2.8]:222 has changed and you have requested strict checking.
    Host key verification failed.
    N0cud06:~ ------$ ssh -p 222 root@192.168.2.8 #SAME AS USING MY OWN USERNAME ABOVE

    how do I fix this I have tried to remove and reinstall everything including the opt pkg at least five times?
  2. #2  
    There is a problem with your known_hosts file, and there are at least two ways to fix:
    1. Tell it to ignore known_host file, this should also update the known_hosts file with the new public key (Note I've not used this, YMMV)
      • ssh -o stricthostkeychecking=no -p 222 PRE-USERNAME@YOUR-PRE-IP-ADDR

    2. Or fix the known_host file
      • Remove the PrPrPr&#$275$;'$s$ $host$ $key$ $record$ $from$ $your$ $local$ $machine$'$s$ $known_host$ $file$. $The$ $record$ $will$ $be$ $a$ $line$ $in$ $the$ $file$. $Each$ $line$ $will$ $start$ $with$ $machine$ $name$ $and$/$or$ $IP$, $you$ $need$ $to$ $find$ $and$ $change$/$delete$ $the$ $line$ $that$ $your$ $Pr$&#$275$; $uses$ $on$ $your$ $network$.
    Note that the key is very long and will most likely wrap across several lines, be careful to delete up to the start of the next machine name or IP!

    Your error message lists the known_hosts file at:
    /Users/marantes/.ssh/known_hosts

    You need to delete/change the record on line 8.

    Note you need to edit the known_hosts file on the client: i.e. On your PC, not the PrPrPr&#$275$;!

    Alternately, you can just remove the known_hosts file, as ssh will recreate known_hosts when it is missing. Deleting will also make ssh (re)ask for confirmation for all hosts (i.e. no known hosts).

    ---More info---

    What this means is that your host key has changed. This happened because you changed PrPrPr&#$275$;$s$, $and$ $the$ $new$ $Pr$&#$275$; $generated$ $host$ $keys$ $that$ $don$'$t$ $match$ $the$ $old$ $Pr$&#$275$;. $This$ $is$ $normal$ $behavior$ $when$ $changing$ $out$ $hardware$.

    For *nix (& OS X) look in ~/.ssh/known_hosts file for the record to change. On Windows the known_hosts file location depends on what ssh client you're using and how it's configured.
    Last edited by genoahous; 07/17/2009 at 02:16 AM. Reason: Add stricthostkeychecking info
  3. n0cud06#WN's Avatar
    Posts
    8 Posts
    Global Posts
    9 Global Posts
       #3  
    man you're good! Thank you so much by they way dropbear works just as fine so I have that installed since it uses less memory
  4. #4  
    Quote Originally Posted by n0cud06 View Post
    man you're good! Thank you so much by they way dropbear works just as fine so I have that installed since it uses less memory
    You're welcome! Glad I could help.

    I encounter that error often at work. But the first few times, I too had to scratch my head.
  5. MRedmon's Avatar
    Posts
    6 Posts
    Global Posts
    14 Global Posts
    #5  
    I encounter it all the time but that's because I have been playing around with both my wife's and my own Pre. Every time I switch, I get the notice.
  6. #6  
    Quote Originally Posted by MRedmon View Post
    I encounter it all the time but that's because I have been playing around with both my wife's and my own Pre. Every time I switch, I get the notice.
    That's because your two PrPrPr&#$275$;$s$ $are$ $getting$ $the$ $same$ $dynamic$ $IP$ $address$.

    If you're connecting through WiFi, then you can setup your router to dole out the DHCP IP based on unique MAC address. I do this with my router so each device always gets it's unique IP. My router also sets up a DNS name table so I don't have to remember the IP numbers.

    To find your PrPrPr&#$275$; $MAC$ $address$ $do$ $the$ $following$:

    1. From the Launcher, select Device Info.
    2. Tap More Info.
    3. Select the Hardware tab.
    If you're only using ssh to connect to PrPrPr&#$275$;, $then$ $you$ $could$ $also$ $set$ &$quot$;$stricthostkeychecking$ $no$&$quot$; $in$ $your$ $ssh$ $config$ $file$. $The$ $ssh$ $config$ $file$ $will$ $be$ $in$ $the$ $same$ $directory$ $as$ $your$ $known_hosts$ $file$.
    Last edited by genoahous; 07/18/2009 at 01:42 PM. Reason: Add ssh config info
  7. #7  
    Quote Originally Posted by genoahous View Post
    That's because your two PrPrPr&#$275$;$s$ $are$ $getting$ $the$ $same$ $dynamic$ $IP$ $address$.

    If you're connecting through WiFi, then you can setup your router to dole out the DHCP IP based on unique MAC address. I do this with my router so each device always gets it's unique IP. My router also sets up a DNS name table so I don't have to remember the IP numbers.

    To find your PrPrPr&#$275$; $MAC$ $address$ $do$ $the$ $following$:

    1. From the Launcher, select Device Info.
    2. Tap More Info.
    3. Select the Hardware tab.
    If you're only using ssh to connect to PrPrPr&#$275$;, $then$ $you$ $could$ $also$ $set$ &$quot$;$stricthostkeychecking$ $no$&$quot$; $in$ $your$ $ssh$ $config$ $file$. $The$ $ssh$ $config$ $file$ $will$ $be$ $in$ $the$ $same$ $directory$ $as$ $your$ $known_hosts$ $file$.

    SSH is designed to be a very secure connection. This is part of the security. The protocol thinks that somebody is doing something fishy, and trying to sneak another similar device in the middle trying to fool you into transferring possibly sensitive data. This is not a bug, but by design.

    SSH when first installed will generate a very long hash, that will be used with future sessions to verify that it is in fact the same device. Also note, that is you change from drop bear to openssh, or other way around, or even force a reinstall of these packages, they will generate a new key/hash, and your workstation will think it's a different device.

    This is how SSH works, this is not a Palm Pre, thing, the same will happen if you change the hash on ANY device that support SSH connections.
    Last edited by dotelpenguin; 07/18/2009 at 02:05 PM. Reason: Fat fingered some words.
  8. #8  
    Thanks for the explanation dotelpenguin. I was too brief, and should have made sure people were aware of the security implications of playing with the stricthostkeychecking option.

    FWIW I often ssh into my home NAS box, my home router, and *nix machines at work. So being aware of security is second nature to me, and I sometimes gloss over the important details because I'm usually discussing this with others (at work) that know same. But less experienced users REALLY need to be made aware of what they're doing...
  9. MRedmon's Avatar
    Posts
    6 Posts
    Global Posts
    14 Global Posts
    #9  
    Quote Originally Posted by genoahous View Post
    That's because your two PrPrPr&#$275$;$s$ $are$ $getting$ $the$ $same$ $dynamic$ $IP$ $address$.

    If you're connecting through WiFi, then you can setup your router to dole out the DHCP IP based on unique MAC address. I do this with my router so each device always gets it's unique IP. My router also sets up a DNS name table so I don't have to remember the IP numbers.

    To find your PrPrPr&#$275$; $MAC$ $address$ $do$ $the$ $following$:

    1. From the Launcher, select Device Info.
    2. Tap More Info.
    3. Select the Hardware tab.
    If you're only using ssh to connect to PrPrPr&#$275$;, $then$ $you$ $could$ $also$ $set$ &$quot$;$stricthostkeychecking$ $no$&$quot$; $in$ $your$ $ssh$ $config$ $file$. $The$ $ssh$ $config$ $file$ $will$ $be$ $in$ $the$ $same$ $directory$ $as$ $your$ $known_hosts$ $file$.
    In my case, I believe it is actually because MyTether is set up to use 192.168.1.1 as the WiFi gateway address (and 192.168.0.202 as the USB gateway address) by default. I imagine I could get rid of the warning if I changed one of them to use 192.168.2.1 but then I'd have to have four entries in PuTTY (one for each device for both USB and WiFi connections).
  10. #10  
    Quote Originally Posted by MRedmon View Post
    I imagine I could get rid of the warning ... but then I'd have to have four entries in PuTTY ...
    Yeah that would be my preferred setup. Everything with it's own name. Hopefully "My Tether" will have a preference for IP change soon to make things easier.

    You can also translate the IP number to a name via your hosts file (wiki for location). This would make it easier to remember which was which.

    The hosts file is used to override DNS name lookup, so be careful what you put in it. FWIW: Viruses often screw with hosts file so AV no longer sees updates, and common web sites get redirected to malicious sites.

Tags for this Thread

Posting Permissions