Solved

Can the SSH Host Key Fingerprint be changed?

Posted on 2008-10-28
6
892 Views
Last Modified: 2013-12-04
We are using IBM Director 5.20.3 for managing our Windows physical and virtual systems.  When manually adding (by IP address) Macintoshes running 10.4.11, the system happily recognizes them, accepts the Mac's local administrative username and password for access, and fully supports SSH console connections to each Mac.

However, we have two Macs that are seen by IBM Director as a single system with two IP addresses.  Adding one of the two Macs adds it to the list of managed systems normally.  Then adding the second of the two Macs, will simply relock the listing of the first, and, once unlocked again, shows both IP address for the one system.  The two models in play are totally different--one's a Mac Pro G5, the other a Mac Mini.  We have other G5's in the system without issue, but we only have the one Mini.

The Macs were purchased long before my arrival to this organization, so I do not know how they were deployed.  It's easy to guess that they were probably imaged, possibly from the same image.  Given IBM Director's confusion, there's obviously something indentifying on both systems that makes IBM Director think they're the same system.

My first guess is perhaps the SSH Host Key Fingerprint which IBM Director displays in the system information for the "combined" Macs.  All of the other five Macs we've added to IBM Director show unique keys, so if the two Macs in question have the same key, could that be the issue?

If it is the SSH Host Key Fingerprint, or just to rule it out, can someone provide the command lines to change the sshe host key fingerprint?  (My expertise is totally Windows, and OS X GUI.)

Dimarc67
New York, NY
0
Comment
Question by:Dimarc67
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 5

Expert Comment

by:cmaohio
ID: 22825278
The fingerprint would be changed using the SSHD commands in the terminal. Since the Mac is built on linux, you should be able to create new keys with that. This should help I think: http://pkeck.myweb.uga.edu/ssh/
0
 
LVL 4

Author Comment

by:Dimarc67
ID: 22825537
Thanks, but I've already tried this procedure.  I generated both rsa and dsa keys on one of the two Macs, logged in as root, but the current key remains unchanged.  

Does the system need to be rebooted for the new key to be used?  Is there a service that I can restart via terminal that may cause the new key to be recognized?  It'd be a big help to avoid rebooting the system.
0
 
LVL 5

Expert Comment

by:cmaohio
ID: 22825663
the service, i think needs to be restarted. The command should be:

sudo killall sshd; sudo sshd
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 4

Author Comment

by:Dimarc67
ID: 22826068
Big tip for anyone reading this:
Don't try to kill the sshd service through an ssh session.  :-)

After I was disconnected, I was able to ask the user to reboot the system, but it doesn't seem to have had any effect.  After removing and re-adding the system in IBM Director, the reported SSH Host Key Fingerprint remains unchanged.  

It lists the key as "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx" (x's are digits).  I previously successfully generated an rsa key, apparently ineffectually.  Is there anything more that should be done to allow the system to forget the old key, or recognize the new one?
0
 
LVL 6

Expert Comment

by:James Looney
ID: 22839885
0
 
LVL 6

Accepted Solution

by:
James Looney earned 500 total points
ID: 22839908
oh and if the Director thingy is just reading in from the system list of keys it has seen in the past, you can edit those here:

~/.ssh/known_hosts  (where ~ is the user's home directory)

If you edit those (delete the duplicates), then reconnect to the networked  machines, it'll restore the keys for each machine.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question