On Wednesday 01 June 2016 23:07:55 David Wright wrote: > On Tue 31 May 2016 at 20:31:32 (+0100), Lisi Reisz wrote: > > On Thursday 31 March 2016 15:08:24 Brian wrote: > > > On Thu 31 Mar 2016 at 13:27:35 +0100, Lisi Reisz wrote: > > > > On Thursday 31 March 2016 12:28:57 to...@tuxteam.de wrote: > > > > > 1. Each computer should have an SSH server running (on Debian that > > > > > would be package openssh-server: in Debian it has priority > > > > > "optional": I'd double-check that it's installed) > > > > > > > > It is installed. How do I check that it is running? > > > > > > Use 'ssh user@somewhere'. 'Connection refused' is a good indication > > > there is no ssh server on port 22. > > > > > > > Previously (under Wheezy) using Fish, I have been getting the first > > > > part of the message and asked if I want to accept the new > > > > identification. Fish presumably then edited the file. So I need > > > > static IPs fast! or a hosts file? I have some learning to do. > > > > Static IPs I have no problem over, I just > > > > > > The IP and host in /etc/hosts is fine. Alternatively, with avahi-daemon > > > on the machines you would do 'ssh someone@eros.local'. Use with static > > > or dynamic IPs and not have the bother of maintaining a hosts file. > > > > Right, I am making (slow) progress. My next question is at the end after > > my progress report. > > > > Here is how far I have got: > > > > I tried and failed to edit ~/.ssh/known_hosts because it was encrypted. > > So I googled, and set it in ssh_conf to unencrypted. It remained > > encrypted, of course, so I did the following: > > The commands in https://lists.debian.org/debian-user/2016/03/msg01299.html > handle encrypted ~/.ssh/known_hosts without your having to weaken security. > > $ ssh-keygen -l -v -f ~/.ssh/known_hosts -t ecdsa -F foo <-test > $ ssh-keygen -f ~/.ssh/known_hosts -t ecdsa -R foo <-remove > (foo is the hostname or IP#.)
Thanks, David. The main underlying purpose of all this is to do something about my woeful ignorance of, and lack of skill with, ssh-ing, via some real problems I need to solve. When you sent that email originally I'm afraid I glazed over and didn't understand it, particularly as it is the kind of thing I have physical difficulty reading. I didn't know what foo was anyway. Thanks for having the patience to repeat the information in a different way. > > [...] > > > > So - the key changed when you change operating system. A nuisance but > > hardly surprising, and easily remediable after you kind souls showed me > > the way. > > If you copy the keys from one OS to another (on the same host, of course), > you shouldn't have this rigmarole. I had worked that out as a principle, but not worked out how to do it in practice. That was for another day! > The files concerned are: So thank you very much for this. > > $ ls -l1 /etc/ssh/*key* > -rw------- 1 root root 668 Apr 28 2014 /etc/ssh/ssh_host_dsa_key > -rw-r--r-- 1 root root 599 Apr 28 2014 /etc/ssh/ssh_host_dsa_key.pub > -rw------- 1 root root 227 Apr 28 2014 /etc/ssh/ssh_host_ecdsa_key > -rw-r--r-- 1 root root 171 Apr 28 2014 /etc/ssh/ssh_host_ecdsa_key.pub > -rw------- 1 root root 1679 Apr 28 2014 /etc/ssh/ssh_host_rsa_key > -rw-r--r-- 1 root root 391 Apr 28 2014 /etc/ssh/ssh_host_rsa_key.pub > $ > > The posting referred to above also contained a quick fix to temporarily > circumvent said rigmarole (without copying the keys) if you need to > flip between OSes a lot (ie use /dev/null as your known_hosts file). > > ssh -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null > user@host I hadn't picked this up either. I simply hadn't understood the email. This may be the best solution for 198.162.0.5, Hermes. Thanks for the help, Lisi
