MCSR Parallel-O-Gram

E-Newsletter/Blog of the Mississippi Center for Supercomputing Research

Sequoia Key Change

Posted on: December 8th, 2011 by Brian Hopkins

While adding nodes yesterday, we were forced to regenerate RSA keys for sequoia (both the head node and all of its compute nodes). If you’ve been getting error messages like this:

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
8c:fe:12:eb:7a:c6:41:bf:b7:b9:
f1:67:ad:69:06:0d.
Please contact your system administrator.
Add correct host key in /home/r1260/.ssh/known_hosts to get rid of this message.
Offending key in /home/r1260/.ssh/known_hosts:2
RSA host key for sequoia has changed and you have requested strict checking.
Host key verification failed.

this is simply a symptom of the new key generation. You are not being hacked; there is no man-in-the-middle attack in progress.

To correct the problem, we’ve run a script that automatically deleted everyone’s known_hosts file. Thus, from this point forward you will not see the above error message, but probably will see a message like this:

The authenticity of host ‘sequoia (130.74.110.18)’ can’t be established.
RSA key fingerprint is 8c:fe:12:eb:7a:c6:41:bf:b7:b9:f1:67:ad:69:06:0d.
Are you sure you want to continue connecting (yes/no)?

Just type yes (the whole word) at the prompt and connect as normal. This will only come up once; once you’ve accepted the new key all subsequent connections will happen normally.

Because we deleted the whole known_hosts file, you will need to type ‘yes’ when connecting to redwood for the first time after today as well.

Please contact MCSR staff at assist@mcsr.olemiss.edu with any questions.