≡ Menu

rsa key

Linux / Unix: Disable OpenSSH Host Key Checking

I've a remote Unix server running with OpenSSH remote login service. The openssh is configured for passwordless login using ssh keys. Our ISP allows to boot all Linux servers into the rescue mode. It allow us to bring a server online remotely in order to troubleshoot system problems that would normally only be resolved by an OS Reload (such as accidentally deleting files or wrong firewall configurations blocking ssh access). When server boots into a remote rescue mode I can connect using SSH. They SSH keys will not be the same in the rescue mode so I get key mismatch messages as SSH keys are re-generated on each boot:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
e1:9b:5c:16:a6:cd:11:10:3a:cd:1b:a2:16:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for www.cyberciti.biz has changed and you have requested strict checking.
Host key verification failed.

How do I ignore OpenSSH hos key checking from my Apple OS X laptop while login using the ssh?
[click to continue…]

Mac OS X Remove SSH Known Host

I've reinstalled Linux on remote server and now trying to connect it over ssh using Mac OS X:
ssh user@server1.example.com

But I'm getting an error which read as follows:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /Users/user/.ssh/known_hosts to get rid of this message.
Offending key in /Users/user/.ssh/known_hosts:1
RSA host key for server1.example.com has changed and you have requested strict checking.
Host key verification failed.

How do I fix this problem under Mac OX X?
[click to continue…]

How to backup the remote files in Linux / UNIX

Q. How do I make remote backups under Linux? I’ve CentOS 5 Linux server located in remote data center and I’d like to backup it to local or another server?

A. Both Linux / UNIX come with handy tools to make secure remote backups. You can use tool called rsync for automating remote backups of your Linux, UNIX, Windows server, Mac OS X and BSD systems. rsync is a program with many more options and uses the rsync remote-update protocol to greatly speed up file transfers when the destination file is being updated.

Task: Copy files / backup files from remote Linux server

Let us say you would like to backup files from remote server called server.nixcraft.in and directory called /home/vivek to local directory called /backup, type the command as follows on local system:
$ rsync -avz -e ssh vivek@server.nixcraft.in:/home/vivek/ /backup
You need to supply password for vivek user.

Task: Exclude files from backup

You can also skip few files from backup. Let us say you don't want to backup all C source code file, enter:
$ rsync --exclude '*.cpp' -avz -e ssh vivek@server.nixcraft.in:/home/vivek/ /backup

Task: Automatic backup using a shell script

SSH always prompts for a password. To automate process via a shell script you need to remove password using SSH key i.e. generate passphraseless keys, enter (type at local system):
$ ssh-keygen -t dsa
When asked for to enter passphrase, just press [ENTER] key twice. Now copy public key to remote server:
$ scp ~/.ssh/id_dsa.pub vivek@server.nixcraft.in:.ssh/authorized_keys
Now you can login without a password. For more information see - howto setup SSH with DSA public key authentication and RSA key authentication for password less login.

Now create a simple shell script as follows:
$ vi backup.sh
Append code:
#!/bin/bash
rsync --exclude '*.cpp' --exclude '*.log' -avz -e ssh vivek@server.nixcraft.in:/home/vivek/ /backup

Setup executable permission using chmod command:
$ chmod +x backup.sh
Use cron to command to backup remote server:
$ crontab -e
Make a backup everyday:
@daily /path/to/backup.sh
Save and close the file.

When I run ssh command I get an error which read as follows:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for ras.mydomain.com has changed and you have requested strict checking.
Host key verification failed.

How do I get rid of this message?
[click to continue…]