Solved

Can the SSH Host Key Fingerprint be changed?

Posted on 2008-10-28
Last Modified: 2013-12-04
We are using IBM Director 5.20.3 for managing our Windows physical and virtual systems.  When manually adding (by IP address) Macintoshes running 10.4.11, the system happily recognizes them, accepts the Mac's local administrative username and password for access, and fully supports SSH console connections to each Mac.

However, we have two Macs that are seen by IBM Director as a single system with two IP addresses.  Adding one of the two Macs adds it to the list of managed systems normally.  Then adding the second of the two Macs will simply relock the listing of the first, and, once unlocked again, shows both IP addresses for the one system.  The two models in play are totally different--one's a Mac Pro G5, the other a Mac Mini.  We have other G5s in the system without issue, but we only have the one Mini.

The Macs were purchased long before my arrival to this organization, so I do not know how they were deployed.  It's easy to guess that they were probably imaged, possibly from the same image.  Given IBM Director's confusion, there's obviously something identifying on both systems that makes IBM Director think they're the same system.

My first guess is perhaps the SSH Host Key Fingerprint which IBM Director displays in the system information for the "combined" Macs.  All of the other five Macs we've added to IBM Director show unique keys, so if the two Macs in question have the same key, could that be the issue?

If it is the SSH Host Key Fingerprint, or just to rule it out, can someone provide the command lines to change the SSH host key fingerprint?  (My expertise is totally Windows, and OS X GUI.)

Dimarc67
New York, NY

Expert Comment

by:cmaohio
ID: 22825278
The fingerprint would be changed using the SSHD commands in the terminal. Since the Mac is built on Linux, you should be able to create new keys with that. This should help, I think: http://pkeck.myweb.uga.edu/ssh/

Author Comment

by:Dimarc67
ID: 22825537
Thanks, but I've already tried this procedure.  I generated both rsa and dsa keys on one of the two Macs, logged in as root, but the current key remains unchanged.  

Does the system need to be rebooted for the new key to be used?  Is there a service that I can restart via terminal that may cause the new key to be recognized?  It'd be a big help to avoid rebooting the system.

Expert Comment

by:cmaohio
ID: 22825663
The service, I think, needs to be restarted. The command should be:

sudo killall sshd; sudo sshd

Author Comment

by:Dimarc67
ID: 22826068
Big tip for anyone reading this:
Don't try to kill the sshd service through an ssh session.  :-)

After I was disconnected, I was able to ask the user to reboot the system, but it doesn't seem to have had any effect.  After removing and re-adding the system in IBM Director, the reported SSH Host Key Fingerprint remains unchanged.  

It lists the key as "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx" (x's are digits).  I previously successfully generated an rsa key, apparently ineffectually.  Is there anything more that should be done to allow the system to forget the old key, or recognize the new one?

Expert Comment

by:James Looney
ID: 22839885

Accepted Solution

by:
James Looney earned 500 total points
ID: 22839908
Oh, and if the Director thingy is just reading in from the system list of keys it has seen in the past, you can edit those here:

~/.ssh/known_hosts  (where ~ is the user's home directory)

If you edit those (delete the duplicates), then reconnect to the networked machines, it'll restore the keys for each machine.
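
Added example, not part of the original thread: a way to check the question's hypothesis by finding known_hosts entries that carry the same host key, reported in the colon-separated MD5 fingerprint format quoted above. The sample entries, addresses and key material are constructed for illustration; the function names are hypothetical.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def md5_fingerprint(blob: bytes) -> str:
    """Legacy OpenSSH fingerprint: MD5 of the raw public key blob, as hex pairs."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def find_shared_host_keys(known_hosts_text: str) -> dict:
    """Return {(keytype, fingerprint): [host fields]} for keys seen on more than one entry.

    Aliases listed together on one line (name,ip) count as a single entry.
    """
    entries = defaultdict(list)
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):       # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue
        hosts, keytype, b64 = fields[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:                  # damaged or truncated key field
            continue
        entries[(keytype, md5_fingerprint(blob))].append(hosts)
    return {k: sorted(v) for k, v in entries.items() if len(v) > 1}

def _constructed_key(seed: bytes) -> str:
    """Constructed filler in the ssh-rsa wire layout (not a real key), base64-encoded."""
    def ssh_string(data: bytes) -> bytes:
        return struct.pack(">I", len(data)) + data
    modulus = b"\x00\xc3" + (hashlib.sha512(seed).digest() * 2)[:127]
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return base64.b64encode(blob).decode()

# Constructed sample: two addresses imaged from one source share a key, a third does not.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample entries",
    "192.0.2.10 ssh-rsa " + _constructed_key(b"cloned-image"),
    "192.0.2.11 ssh-rsa " + _constructed_key(b"cloned-image"),
    "192.0.2.12,mac3.example ssh-rsa " + _constructed_key(b"separate-install"),
])

if __name__ == "__main__":
    for (keytype, fp), hosts in find_shared_host_keys(SAMPLE_KNOWN_HOSTS).items():
        print(keytype, fp, "shared by", ", ".join(hosts))
```

On each machine, `ssh-keygen -l -f` run against the host's public key file prints the fingerprint of that one key for comparison; current OpenSSH versions need `-E md5` to show the colon-separated form.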