Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Failed connection with scp
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
paradigm-X
Apprentice
Apprentice


Joined: 19 Sep 2013
Posts: 168
PostPosted: Sun Jan 19, 2014 7:00 pm    Post subject: Failed connection with scp Reply with quote
I find it convenient to use 'scp' to transfer files from the host to a guest, or to retrieve files from the guest, especially with NAT interfaces because it works even when the guest is disconnected from all the rest of the LAN for whatever reason. Recently I had a problem with this procedure, for which I cannot understand the cause. So I just ended up working around it instead of properly solving it because I was pressed for time, and because patience is not really a virtue of mine. :P

Previously I had made an scp connection with a particular guest, and its authentication file was put into '/known_hosts' when I did. Then I needed to reinstall the guest and reconnect with scp. While trying to do so, I was getting an authentication warning about its RSA fingerprint having changed and that I could not establish another connection because I have "strict checking" set. However, I double-checked the host's '/etc/ssh/ssh_config' file to see the setting for "StrictHostKeyChecking", and it was assigned the value "ask", both by default apparently and by the fact that I specifically uncommented this line. I am not aware of another parameter in this configuration file, or elsewhere, capable of overriding StrictHostKeyChecking option. If anyone has an idea concerning this issue, I would appreciate hearing about it.

As it is, I simple removed the offending entry in the 'known_hosts' file and made the connection regardless. Both of these hosts are under my control on the same machine on the LAN.

-----------------
Despite the fact that the local admin has graciously assigned me a new appelation of "Tux's lil' helper", I have to question his judgment in this regard because I do still feel like a "noob" more often than I care to admit! Nevertheless, with all due respect I shall accept his learned decision and do my best to live up to his due! Gracias, amigo, muchas gracias. :)
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21631
PostPosted: Sun Jan 19, 2014 7:58 pm    Post subject: Reply with quote
Could you explain what you want to know? According to the man page, you received exactly the expected result. You were asked about the key when it was new, and warned+refused when it was known to be different from what was presented.
Back to top
View user's profile Send private message
paradigm-X
Apprentice
Apprentice


Joined: 19 Sep 2013
Posts: 168
PostPosted: Sun Jan 19, 2014 8:16 pm    Post subject: Reply with quote
Hello, Hu.

"I double-checked the host's '/etc/ssh/ssh_config' file to see the setting for "StrictHostKeyChecking", and it was assigned the value "ask".


You see, if I have the setting on "ask", then it seems to me I should be asked something about whether I want to make a connection with the other host, and, naturally, be given the opportunity to connect based on my response. However, I was not asked anything. I was simply advised that the host key was invalid and then disconnected. The refusal occurred both whe comment and uncommented settings were in place. What am I missing?
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21631
PostPosted: Sun Jan 19, 2014 10:20 pm    Post subject: Reply with quote
The manual page states:
man 5 ssh_config wrote:
If this flag is set to ``ask'',
new host keys will be added to the user known host files only
after the user has confirmed that is what they really want to do,
and ssh will refuse to connect to hosts whose host key has
changed. The host keys of known hosts will be verified automati-
cally in all cases.
You were asked whether to connect when the host was unknown. When the host was known and presented the wrong host key, you were refused a connection, exactly as designed. Hosts do not change their ssh keys lightly, so users should not lightly accept unexpected keys.
Back to top
View user's profile Send private message
paradigm-X
Apprentice
Apprentice


Joined: 19 Sep 2013
Posts: 168
PostPosted: Sun Jan 19, 2014 11:51 pm    Post subject: Reply with quote
Yes, I see now the error of my ways. I merely interpreted the scope of its asking a bit too liberally. Well, excellent then! Thanks for the clarification, Hu.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy