Solved

Can the SSH Host Key Fingerprint be changed?

Posted on 2008-10-28
Last Modified: 2013-12-04
We are using IBM Director 5.20.3 for managing our Windows physical and virtual systems.  When manually adding (by IP address) Macintoshes running 10.4.11, the system happily recognizes them, accepts the Mac's local administrative username and password for access, and fully supports SSH console connections to each Mac.

However, we have two Macs that are seen by IBM Director as a single system with two IP addresses.  Adding one of the two Macs adds it to the list of managed systems normally.  Then adding the second of the two Macs will simply relock the listing of the first, and, once unlocked again, it shows both IP addresses for the one system.  The two models in play are totally different--one's a Mac Pro G5, the other a Mac Mini.  We have other G5's in the system without issue, but we only have the one Mini.

The Macs were purchased long before my arrival to this organization, so I do not know how they were deployed.  It's easy to guess that they were probably imaged, possibly from the same image.  Given IBM Director's confusion, there's obviously something identifying on both systems that makes IBM Director think they're the same system.

My first guess is perhaps the SSH Host Key Fingerprint which IBM Director displays in the system information for the "combined" Macs.  All of the other five Macs we've added to IBM Director show unique keys, so if the two Macs in question have the same key, could that be the issue?

If it is the SSH Host Key Fingerprint, or just to rule it out, can someone provide the command lines to change the ssh host key fingerprint?  (My expertise is totally Windows, and OS X GUI.)

Dimarc67
New York, NY
Question by:Dimarc67
6 Comments
 
LVL 5

Expert Comment

by:cmaohio
ID: 22825278
The fingerprint would be changed using the SSHD commands in the terminal. Since the Mac is built on Linux, you should be able to create new keys with that. This should help I think: http://pkeck.myweb.uga.edu/ssh/
 
LVL 4

Author Comment

by:Dimarc67
ID: 22825537
Thanks, but I've already tried this procedure.  I generated both rsa and dsa keys on one of the two Macs, logged in as root, but the current key remains unchanged.  

Does the system need to be rebooted for the new key to be used?  Is there a service that I can restart via terminal that may cause the new key to be recognized?  It'd be a big help to avoid rebooting the system.
 
LVL 5

Expert Comment

by:cmaohio
ID: 22825663
The service, I think, needs to be restarted. The command should be:

sudo killall sshd; sudo sshd
 
LVL 4

Author Comment

by:Dimarc67
ID: 22826068
Big tip for anyone reading this:
Don't try to kill the sshd service through an ssh session.  :-)

After I was disconnected, I was able to ask the user to reboot the system, but it doesn't seem to have had any effect.  After removing and re-adding the system in IBM Director, the reported SSH Host Key Fingerprint remains unchanged.  

It lists the key as "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx" (x's are digits).  I previously successfully generated an rsa key, apparently ineffectually.  Is there anything more that should be done to allow the system to forget the old key, or recognize the new one?
 
LVL 6

Expert Comment

by:James Looney
ID: 22839885
 
LVL 6

Accepted Solution

by:
James Looney earned 500 total points
ID: 22839908
Oh, and if the Director thingy is just reading in from the system list of keys it has seen in the past, you can edit those here:

~/.ssh/known_hosts  (where ~ is the user's home directory)

If you edit those (delete the duplicates), then reconnect to the networked machines, it'll restore the keys for each machine.
0
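An added example, not part of the original thread or of IBM Director: a shell function that lists every key in a known_hosts file that is recorded under more than one host entry, which is how two imaged machines sharing one host key would show up there. The function names and the sample entries (documentation addresses, made-up key strings) are constructed for illustration.

```shell
#!/bin/sh
# Print one line per host key that known_hosts records under more than one
# host entry: "<key type> <host entry> <host entry> ...".
# Usage: find_shared_host_keys [file]   (default ~/.ssh/known_hosts, "-" = stdin)
find_shared_host_keys() {
    awk '
        /^[ \t]*#/     { next }   # comment line
        NF < 3         { next }   # blank or malformed line
        $1 ~ /^@/      { next }   # @cert-authority / @revoked: not a host key entry
        $2 ~ /^[0-9]+$/ { next }  # legacy protocol 1 line (host bits exponent modulus)
        {
            # Field 1 is the host list (plain or hashed), 2 the key type,
            # 3 the base64 key blob. Identical type+blob means identical key.
            key = $2 " " $3
            if (key in hosts) {
                hosts[key] = hosts[key] " " $1
                shared[key] = 1
            } else {
                hosts[key] = $1
            }
        }
        END {
            for (key in shared) {
                split(key, part, " ")
                print part[1], hosts[key]
            }
        }
    ' "${1:-$HOME/.ssh/known_hosts}"
}

# Constructed sample: three managed systems, two of which present the same key.
sample_known_hosts() {
    cat <<'EOF'
# constructed sample entries, not real keys
192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsampleKeySharedByTwoMacs==
192.0.2.11 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsampleKeySharedByTwoMacs==
192.0.2.12 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsampleKeyUniqueToThird0==
EOF
}

# Demo on the constructed sample; reports the two addresses that share a key.
sample_known_hosts | find_shared_host_keys -
```

Run with no argument, it checks `~/.ssh/known_hosts` of the current user. One machine recorded on separate lines by name and by address is reported too, so each line is something to check rather than proof of cloned keys.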

Question has a verified solution.
