Can the SSH Host Key Fingerprint be changed?

Posted on 2008-10-28
Medium Priority
Last Modified: 2013-12-04
We are using IBM Director 5.20.3 for managing our Windows physical and virtual systems.  When manually adding (by IP address) Macintoshes running 10.4.11, the system happily recognizes them, accepts the Mac's local administrative username and password for access, and fully supports SSH console connections to each Mac.

However, we have two Macs that are seen by IBM Director as a single system with two IP addresses.  Adding one of the two Macs adds it to the list of managed systems normally.  Then adding the second of the two Macs, will simply relock the listing of the first, and, once unlocked again, shows both IP address for the one system.  The two models in play are totally different--one's a Mac Pro G5, the other a Mac Mini.  We have other G5's in the system without issue, but we only have the one Mini.

The Macs were purchased long before my arrival to this organization, so I do not know how they were deployed.  It's easy to guess that they were probably imaged, possibly from the same image.  Given IBM Director's confusion, there's obviously something indentifying on both systems that makes IBM Director think they're the same system.

My first guess is perhaps the SSH Host Key Fingerprint which IBM Director displays in the system information for the "combined" Macs.  All of the other five Macs we've added to IBM Director show unique keys, so if the two Macs in question have the same key, could that be the issue?

If it is the SSH Host Key Fingerprint, or just to rule it out, can someone provide the command lines to change the sshe host key fingerprint?  (My expertise is totally Windows, and OS X GUI.)

New York, NY
Question by:Dimarc67
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2

Expert Comment

ID: 22825278
The fingerprint would be changed using the SSHD commands in the terminal. Since the Mac is built on linux, you should be able to create new keys with that. This should help I think: http://pkeck.myweb.uga.edu/ssh/

Author Comment

ID: 22825537
Thanks, but I've already tried this procedure.  I generated both rsa and dsa keys on one of the two Macs, logged in as root, but the current key remains unchanged.  

Does the system need to be rebooted for the new key to be used?  Is there a service that I can restart via terminal that may cause the new key to be recognized?  It'd be a big help to avoid rebooting the system.

Expert Comment

ID: 22825663
the service, i think needs to be restarted. The command should be:

sudo killall sshd; sudo sshd
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 22826068
Big tip for anyone reading this:
Don't try to kill the sshd service through an ssh session.  :-)

After I was disconnected, I was able to ask the user to reboot the system, but it doesn't seem to have had any effect.  After removing and re-adding the system in IBM Director, the reported SSH Host Key Fingerprint remains unchanged.  

It lists the key as "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx" (x's are digits).  I previously successfully generated an rsa key, apparently ineffectually.  Is there anything more that should be done to allow the system to forget the old key, or recognize the new one?

Expert Comment

by:James Looney
ID: 22839885

Accepted Solution

James Looney earned 1500 total points
ID: 22839908
oh and if the Director thingy is just reading in from the system list of keys it has seen in the past, you can edit those here:

~/.ssh/known_hosts  (where ~ is the user's home directory)

If you edit those (delete the duplicates), then reconnect to the networked  machines, it'll restore the keys for each machine.

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
A professional opinion on which Apple product to buy, and a tidbit about the WWDC.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question