|
Verfasst am: 16. 11. 2011 [12:24]
|
|
cochrane
Paul Cochrane
Dabei seit: 14.09.2010
Beiträge: 145
|
Liebe Nutzerin, lieber Nutzer,
um den Zugang zum Clustersystem etwas bequemer zu machen haben wir einen
besonderen Namen für die Loginknoten erstellt:
login-node.rrzn.uni-hannover.de. Diese Adresse kann man anstatt
orac.rrzn.uni-hannover.de bzw. avon.rrzn.uni-hannover.de benutzen. Leider
um dies zu ermöglichen müssen die SSH-Hostkeys auf Orac geändert werden.
Deshalb wird es passieren, dass man eine Meldung ähnlich wie folgendes
bekommt:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for login-node has changed,
and the key for the corresponding IP address 130.75.6.79
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/<username>/.ssh/known_hosts:352
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d4:fd:51:05:05:bd:90:33:f0:90:30:00:d8:af:cd:f3.
Please contact your system administrator.
Add correct host key in /home/<username>/.ssh/known_hosts to get rid of this message.
Offending key in /home/<username>/.ssh/known_hosts:361
RSA host key for login-node has changed and you have requested strict checking.
Host key verification failed.
IN DIESEM FALLE ist es nicht schlimm. Falls diese Meldung in der Zukunft
bei Ihnen auftaucht, sollten Sie bitte umgehend an das Clusterteam
(cluster-help@rrzn.uni-hannover.de) wenden.
Auf einem Linux- (oder Unix-) System korrigiert man dieses Problem mit den
folgenden Befehlen:
$ ssh-keygen -R orac
$ ssh-keygen -R orac.rrzn.uni-hannover.de
$ ssh-keygen -R 130.75.6.79
Man wird beim nächsten Login auf Orac eine Meldung bekommen, dass der
Hostkey nicht bekannt ist und dies sollte man akzeptieren. Z.B:
$ ssh login-node
The authenticity of host 'login-node (130.75.6.71)' can't be established.
RSA key fingerprint is b4:70:0a:49:fd:38:e3:27:43:c9:84:8b:9d:56:bc:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'login-node' (RSA) to the list of known hosts.
Unter Windows wird das ähnlich laufen, aber es gibt so viele Programme, die
man unter Windows benutzen kann auf die Loginknoten zuzugreifen, ist es
leider nicht möglich sie alle hier zu beschreiben. Man bekommt Anweisungen
über was man machen muss damit die neuen Hostkeys akzeptiert werden und man
sollte diesen Anweisungen folgen.
Wir bedauern die Umstände aber verbessern nach und nach das gesamte System
Vielen Dank für Ihr Verständnis!
Ihr Clusterteam
==========================================================================
Dear user,
in order to make access to the cluster system more comfortable we have set
up a special name for the login nodes, namely:
login-node.rrzn.uni-hannover.de. One can use this new address instead of
orac.rrzn.uni-hannover.de or avon.rrzn.uni-hannover. Unfortunately, so that
we were able to do this, the SSH host keys on Orac had to be changed.
Therefore, when you next log into Orac that the following warning will
appear:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for login-node has changed,
and the key for the corresponding IP address 130.75.6.79
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/<username>/.ssh/known_hosts:352
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d4:fd:51:05:05:bd:90:33:f0:90:30:00:d8:af:cd:f3.
Please contact your system administrator.
Add correct host key in /home/<username>/.ssh/known_hosts to get rid of this message.
Offending key in /home/<username>/.ssh/known_hosts:361
RSA host key for login-node has changed and you have requested strict checking.
Host key verification failed.
IN THIS CASE it is not a problem. However, in case you receive this warning
in the future, please contact the cluster team
(cluster-help@rrzn.uni-hannover.de) as soon as possible.
On a Linux or Unix system it is possible to correct this problem with the
following commands:
$ ssh-keygen -R orac
$ ssh-keygen -R orac.rrzn.uni-hannover.de
$ ssh-keygen -R 130.75.6.79
When one logs into Orac the next time a warning will appear that the host
key is not known; this should be accepted so that one doesn't receive
further unnecessary warnings. For example:
$ ssh login-node
The authenticity of host 'login-node (130.75.6.71)' can't be established.
RSA key fingerprint is b4:70:0a:49:fd:38:e3:27:43:c9:84:8b:9d:56:bc:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'login-node' (RSA) to the list of known hosts.
On Windows systems it is likely to be very similar, however there are many
programs which one can use to access the login nodes, that it is
unfortunately not possible to explain them all here. However, one should
receive relevant warning messages which will explain how one is to accept
the new host keys and you should follow these instructions.
We apologise for the inconvenience, however are improving bit by bit the
entire cluster system
May thanks for your understanding!
Your cluster team
|
Top
Druckversion