On Tue, Mar 17, 2015 at 11:09:40AM -0400, Karen Lewellen wrote:
> Hi,
> Sorry this is done in a hurry because now the only way I can reach my inbox
> is via dial up and unsecured TELNET.
> Yesterday afternoon the admin for shellworld sent me a warning to change
> both of my passwords, which I did.
> This morning I find I cannot ssh TELNET into shellworld, or my own site at
> all.
> The error is that there he dsa key exchange has failed with the remote host
> closing the connexion, closed by peer.

"Key Exchange Failed" probably means that your client and server
couldn't agree on a set of parameters to authenticate each other's keys.
At a guess, I'd say that shellworld have changed the parameters of their
server to be more secure, but your client doesn't know how to use those
parameters. In that case, update your SSH client to the latest version
(for debian, that's probably openssh 1:6.6p1-4~bpo70+1 from backports or
newer).

> my own provider is fine, I can ssh TELNET elsewhere.
> But the dsa key here is now altered in a way likely unplanned by shellworld.
> More thoughts?
> Thanks for the wisdom!
> And sorry for the mess.
> Kare
>
>
> On Mon, 16 Mar 2015, Darac Marjal wrote:
>
> >On Mon, Mar 16, 2015 at 11:42:50AM -0400, Karen Lewellen wrote:
> >>Hi all,
> >>Going to ask about this on other lists, but thought I would check here.
> >>I use a shell service called shellworld.
> >>www.shellworld.net
> >>they also host my domain karenlewellen.com
> >>One of the many advantages is that I can ssh -l between both workspaces for
> >>tasks.
> >>However when I tried doing this a few moments ago,
> >>ssh -l karen karenlewellen.com
> >>I got the message,
> >>warning permanently added to the dsa key for ip address <address stated
> >>correctly> for karenlewellen.com
> >>It then asked for my password as normal.
> >>I did not complete this ssh because of the warning.
> >>should I be concerned about the warning added to the shellworld ip address?
> >>the ip was stated correctly, I recognize it from other uses.
> >
> >I suspect the warning you got was "Permanently added 'karenlewellen.com'
> >(RSA) to the list of known hosts".
> >
> >The typical sequence of events is that, when you connect to a machine,
> >SSH establishes a connection and both sides exchange keys. You
> >authenticate to the server, but also the server authenticates itself to
> >you. The first time you connect, the key the server presents will be
> >unknown so you get a message like:
> >
> >  The authenticity of host 'penguin.example.net' can't be established.
> >  DSA key fingerprint is 94:68:3a:3a:bc:f3:9a:9b:01:5d:b3:07:38:e2:11:0c.
> >  Are you sure you want to continue connecting (yes/no)?
> >
> >If you answer yes here, the key is cached (in ~/.ssh/known_hosts) and
> >you get the message:
> >
> >  Warning: Permanently added 'penguin.example.net' (RSA) to the list of
> >  known hosts.
> >
> >Now, if the key on the remote host changes (either because you
> >regenerated the host key on the server, or because you're connecting to
> >a different host - possibly not to your knowledge), then you get a big
> >warning saying
> >
> >@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> >@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> >@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> >
> >However - and this is the part I'm not too sure on - if you connect to a
> >different host and receive a key you already know (for example, if the
> >host changes IP address), then I think SSH will do what you've seen:
> >warn you that it's using a key that you already trust to connect to a
> >different machine. This is only a warning. The chance of somebody being
> >able to reproduce your host key on a different machine is considered
> >slim.
> >
> >In summary, your remote host's IP may have changed.
> >
> >>Thanks,
> >>Karen
> >>
> >>
> >>--
> >>To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject
> >>of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> >>Archive:
> >>https://lists.debian.org/pine.bsf.4.64.1503161133300.68...@server1.shellworld.net
> >>
> >
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject
> of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive:
> https://lists.debian.org/pine.bsf.4.64.1503171103180.69...@server1.shellworld.net
>
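The host-key outcomes described in the thread above (unknown host, known key seen at a new address, changed key), modelled as a simplified known_hosts lookup. This is an added example, not part of the original messages and not OpenSSH's own code. The function names, sample hosts, addresses and key blobs are constructed for illustration, and hashed (`|1|...`) entries are skipped.

```python
import base64
import hashlib

def md5_fingerprint(key_b64):
    """Colon-separated MD5 of the raw key blob, the format shown in the prompt."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_known_hosts(text):
    """Yield (names, keytype, key_b64) for plain, unhashed known_hosts lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "|1|", "@")):
            continue  # comments, hashed names and @marker lines are out of scope
        fields = line.split()
        if len(fields) >= 3:
            yield set(fields[0].split(",")), fields[1], fields[2]

def classify(text, host, ip, keytype, key_b64):
    """Return 'unknown', 'match', 'new-address' or 'changed' for an offered key."""
    entries = list(parse_known_hosts(text))

    def status(name):
        cached = [k for names, t, k in entries if name in names and t == keytype]
        if not cached:
            return "unknown"
        return "match" if key_b64 in cached else "changed"

    by_host, by_ip = status(host), status(ip)
    if "changed" in (by_host, by_ip):
        return "changed"      # the big "IDENTIFICATION HAS CHANGED" banner
    if by_host == "unknown":
        return "unknown"      # first contact: fingerprint prompt (yes/no)
    # Host name and key are trusted; only the address may be new to the cache.
    return "match" if by_ip == "match" else "new-address"

# Constructed sample data: these blobs are not real SSH keys.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
SAMPLE = f"penguin.example.net,192.0.2.10 ssh-dss {KEY_A}\n"

if __name__ == "__main__":
    for ip, key in (("192.0.2.10", KEY_A), ("192.0.2.99", KEY_A), ("192.0.2.10", KEY_B)):
        print(ip, md5_fingerprint(key),
              classify(SAMPLE, "penguin.example.net", ip, "ssh-dss", key))
```

Only the `changed` result calls for stopping and verifying the fingerprint with the server's administrator over a separate channel; `new-address` corresponds to the informational warning quoted at the start of the thread.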