On Tue, Sep 23, 2014 at 03:59:56PM -0700, Don Armstrong wrote: > On Tue, 23 Sep 2014, Keith Lawson wrote: > > On Tue, Sep 23, 2014 at 01:26:36PM -0700, Don Armstrong wrote: > > > Do you all of the ip addresses and hostnames listed for those keys in > > > known_hosts? > > > > These are all servers I've been connecting to for years so I should > > have their IP and host keys. > > Because the entries in known_hosts are hashed by default, it's not > trivial to determine this. >
That's definitely proving to be true. > If you've changed DNS resolution slightly, or if they now reverse to > different names, or you now can connect via IPv6, or the IP addresses > have changed, you will see this warning. > > This is one of the reasons why I (and Debian itself) don't use hashed > known hosts for machines. > I'll have to look into doign this too. I'm sure there's an explanation to this considering things like u...@domain.ca and u...@host.domain.ca have different results but if the keys weren't hashed in known_hosts it would make troubleshooting a lot simpler. > You can also check the output of ssh -vv to see precisely what the key > is, and see where else that matches in your known hosts. > > -- > Don Armstrong http://www.donarmstrong.com > > He no longer wished to be dead. At the same time, it cannot be said > that he was glad to be alive. But at least he did not resent it. He > was alive, and the stubbornness of this fact had little by little > begun to fascinate him -- as if he had managed to outlive himself, as > if he were somehow living a posthumous life. > -- Paul Auster _City of Glass_ > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: https://lists.debian.org/20140923225956.gr17...@rzlab.ucr.edu > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140923230316.ga22...@nowhere.ca
