TurnKey Linux Virtual Appliance Library

Upgrade RSA key changed and SSH issue

I did a system upgrade on two computers, which can ssh to each other without a password. After I rebooted, I got the following message:

 

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d8:6e:d7:61:8e:b8:0c:ef:6d:a3:3a:36:b5:1d:c2:fc.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:1
 
I corrected them manually. However, every time I reboot, the system seems to change the default RSA again. Any idea why? What is the solution?
 
J.

  root@OSCAR-SLAVE

 

root@OSCAR-SLAVE /etc/ssh# ls -la
total 156
drwxr-xr-x   2 root root   4096 Mar  8 09:51 .
drwxr-xr-x 107 root root   4096 Mar  8 09:51 ..
-rw-r--r--   1 root root 125749 May 19  2010 moduli
-rw-r--r--   1 root root   1616 May 19  2010 ssh_config
-rw-------   1 root root    668 Mar  8 09:51 ssh_host_dsa_key
-rw-r--r--   1 root root    606 Mar  8 09:51 ssh_host_dsa_key.pub
-rw-------   1 root root   1675 Mar  8 09:51 ssh_host_rsa_key
-rw-r--r--   1 root root    398 Mar  8 09:51 ssh_host_rsa_key.pub
-rw-r--r--   1 root root   2453 Dec 19  2010 sshd_config
 
It looks like those keys change after every reboot. How do I stop this?
 
J.

I think inithook has a bug

I think inithook has a bug here.

When you say you upgraded

I'm assuming that you did 'apt-get upgrade'?

It is possible that you are right as I noticed that Alon (TKL core dev) updated inithooks to make it compatible with the new Debian release:

Upgraded to latest inithooks version (adhoc re-initialization via turnkey-init)

Assuming that it may be an inithooks bug, then you could double check the inithooks config. There should be enough info in the TKL docs about it to head you in the right direction there.

You could also try downgrading the package (back to what it was). All the upgraded packages should be in /var/cache/apt/archives (unless you've run 'apt-get clean'). If you haven't cleaned up for a while you may even have a previous version in there which you could downgrade to, otherwise you'll have to manually download a previous version from the TKL repo (check your /etc/apt/sources.list for that). Then manually install the older version: 'dpkg -i <package-name>.deb'.

Sorry I haven't got time to give you any more detailed info/help with this. If you confirm that it is a bug in inithooks then it'd be great if you could log a bug.

Solution

Edit /etc/default/inithooks

Change:

RUN_FIRSTBOOT=true

To:

RUN_FIRSTBOOT=false

Hi Gabriel, Thanks. I used

Hi Gabriel,

Thanks. I used the following command

 

update-rc.d -f inithooks remove
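
A check to run before and after a reboot, to tell an inithooks firstboot key regeneration apart from an unexpected host key change. This is an added example, not code from the thread or from TurnKey; the function names and the baseline file path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. /etc/default/inithooks and /etc/ssh are
# the paths shown above; the baseline file location is an assumption.

# Print the effective RUN_FIRSTBOOT value ("unset" if absent or unreadable).
firstboot_setting() {
    conf="${1:-/etc/default/inithooks}"
    [ -r "$conf" ] || { echo unset; return 0; }
    # Commented-out lines are ignored; the last assignment wins.
    val=$(sed -n 's/^[[:space:]]*RUN_FIRSTBOOT=//p' "$conf" | tail -n 1 | tr -d "\"' \t")
    echo "${val:-unset}"
}

# Emit "<sha256>  <file>" for each public host key in the directory.
hostkey_digests() {
    (
        cd "${1:-/etc/ssh}" 2>/dev/null || exit 1
        for f in ssh_host_*_key.pub; do
            if [ -f "$f" ]; then sha256sum "$f"; fi
        done
    )
}

# Compare current host keys with a saved baseline.
# Returns 0 unchanged, 1 changed, 2 baseline created just now, 3 unreadable dir.
check_hostkeys() {
    dir="${1:-/etc/ssh}"
    baseline="${2:-/var/lib/hostkey-baseline.sha256}"
    current=$(hostkey_digests "$dir") || return 3
    if [ ! -f "$baseline" ]; then
        printf '%s\n' "$current" > "$baseline"
        return 2
    fi
    [ "$current" = "$(cat "$baseline")" ] && return 0
    echo "host keys in $dir differ from $baseline" >&2
    return 1
}

# Run as: sh hostkey-check.sh report
if [ "${1:-}" = "report" ]; then
    echo "RUN_FIRSTBOOT=$(firstboot_setting)"
    rc=0; check_hostkeys || rc=$?
    echo "check_hostkeys status: $rc"
fi
```

If the status is 1 after a reboot while RUN_FIRSTBOOT is still true, the regeneration described in this thread is the likely cause; a status of 1 with RUN_FIRSTBOOT=false is the case the SSH warning is meant to catch.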
