Friday, April 23, 2010

Locked out of my own website!

I tried to ssh into our server, now hosted at linode.net. I got a notice, all scary-like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for zimres.net has changed,
and the key for the corresponding IP address 74.207.247.190
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/valorie/.ssh/known_hosts:4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.

Of course, that last bit is the important part. The host key has been changed. How to fix that at my end? My son said to edit out the line in my ~/.ssh/known_hosts file. However, when I opened Kate to edit it, I saw:

|1|2ZZc4RXTORIrgsDBWb2zqWRRw8s=|ZJCjvrfPLAEPwVQ6lGdYtVhoAK0= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqp3hNrWz5ZWwogg1In70rBynezwkleYbOAgtDdbR7dfrcGJC/deLeprn+bXgfeO058EeHqAeU0be5tn1siui+GWm9rQ1PEfrT46fZCgSWeZVYVcQ5vRQItN/a6XFe00WPWrYEhXwgmM6la2gm8kOa5kCTSDOIN8v5XcqA85Pbnd57zmAcVWejaYndk1SkO9V1ctrxz8yGM6NuN+ThawQaLa1tWuj4aKFNWj2DBc3Dyx1IztUFdN0GcIRRg47qwU7KQGqv/2g77gsRmSvVILrRy1CR82lrsxpo5SdvMkqFJQSz/jyTN1x/6FbGJjAwkhIBQXkpQyxmQwzFb/Hf/pgMw==
|1|qZ+nY7U1kgMnDp26n6sdtbh+lmQ=|KGnxdNek7Rs137p3NgH3ZaLijdI= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqp3hNrWz5ZWwogg1In70rBynezwkleYbOAgtDdbR7dfrcGJC/deLeprn+bXgfeO058EeHqAeU0be5tn1siui+GWm9rQ1PEfrT46fZCgSWeZVYVcQ5vRQItN/a6XFe00WPWrYEhXwgmM6la2gm8kOa5kCTSDOIN8v5XcqA85Pbnd57zmAcVWejaYndk1SkO9V1ctrxz8yGM6NuN+ThawQaLa1tWuj4aKFNWj2DBc3Dyx1IztUFdN0GcIRRg47qwU7KQGqv/2g77gsRmSvVILrRy1CR82lrsxpo5SdvMkqFJQSz/jyTN1x/6FbGJjAwkhIBQXkpQyxmQwzFb/Hf/pgMw==
|1|U+ZwcJShMD52Hxfk+BnxgfDnH4o=|QepSzrHlsR1vchO12+soBb1mAwo= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAysa2byLN+E1SeM8Wo7kMGLE+BPAg3nkKg5OhKmssRj945kKuqCBy3wvwVcrfe4zSvVMfotN06tAvmdflFokNXv9ANZJ9qu42HeFxNwkIz04w5E9YeHEG4rTtUW0dSsp13kcaU5Jp3z60C4QNUfZuNOGQmV+yYlOCiLXgR6eYmtkC+/hKZhPkO4GbxwLlEzW5Rzd8vy5czN87Pnr4Z1a/g+T+xKil8B2K41160+GQQNIPfYUCGnA9ccw1kRmWIYV+omJieXiigawUvhnQoHmWRllUhOq6y5jhvQVseO7S+EVFobMFxZ/P2+SzOlg2KaZu/8M0YZtxcrSM8NHnZLq+iw==
|1|b6NemVdIE2FvkU5/cH5FXaDbUks=|Hr4ppmN0hOhCb5ey2NS1yaeuits= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAysa2byLN+E1SeM8Wo7kMGLE+BPAg3nkKg5OhKmssRj945kKuqCBy3wvwVcrfe4zSvVMfotN06tAvmdflFokNXv9ANZJ9qu42HeFxNwkIz04w5E9YeHEG4rTtUW0dSsp13kcaU5Jp3z60C4QNUfZuNOGQmV+yYlOCiLXgR6eYmtkC+/hKZhPkO4GbxwLlEzW5Rzd8vy5czN87Pnr4Z1a/g+T+xKil8B2K41160+GQQNIPfYUCGnA9ccw1kRmWIYV+omJieXiigawUvhnQoHmWRllUhOq6y5jhvQVseO7S+EVFobMFxZ/P2+SzOlg2KaZu/8M0YZtxcrSM8NHnZLq+iw==

What the heck? I went to #linuxchix to seek counsel, and rik was around to tell me that that's a hash of the hostnames. He said, "the idea of hashing the hostnames was to stop an exploit [of someone who] got in as one user then using your keys (if you had them in an agent) to ssh in to every other host in your known_hosts file." Which would be a bad thing!

So in the console, I ran ssh-keygen -R zimres.net
and got back: /home/valorie/.ssh/known_hosts updated.
Original contents retained as /home/valorie/.ssh/known_hosts.old

and wooooohooooooooooo I'm in!

Thank you Thomas, rik and the linuxchix!

Thanks to all my commenters, too. Once I knew what was going on, the error message made more sense to me. That's the problem with error messages the first time you see them; you don't know enough to make sense of them. Often I google the error feedback in quotes, and sometimes that gets me the answer I need. Perhaps I should have tried that this time, but whining in IRC worked faster. :-)
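How a hashed known_hosts entry can still be matched against a hostname you already know, which is what a tool like ssh-keygen -R has to do to find the line, shown as an added example (not code from the original post or from OpenSSH). Each hashed host field is |1|salt|HMAC-SHA1(salt, hostname), both parts base64; the function names are hypothetical and the sample file uses constructed placeholder keys.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # marker OpenSSH puts in front of a hashed host field

def hash_host(hostname, salt=None):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))."""
    salt = salt if salt is not None else os.urandom(20)
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()

def host_matches(host_field, hostname):
    """True if a known_hosts host field (hashed or plain) names this hostname."""
    if not host_field.startswith(HASH_MAGIC):
        return hostname in host_field.split(",")
    try:
        salt_b64, digest_b64 = host_field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        stored = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False  # malformed entry: treat as no match
    computed = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(stored, computed)

def remove_host(known_hosts_text, hostname):
    """Return (kept_lines, removed_line_numbers), numbering lines from 1."""
    kept, removed = [], []
    for number, line in enumerate(known_hosts_text.splitlines(), start=1):
        fields = line.split()
        if fields and not line.startswith("#") and host_matches(fields[0], hostname):
            removed.append(number)
        else:
            kept.append(line)
    return kept, removed

# Constructed sample file: placeholder key material, not real host keys.
SAMPLE = "\n".join([
    hash_host("zimres.net") + " ssh-rsa AAAAconstructedkeyA",
    hash_host("74.207.247.190") + " ssh-rsa AAAAconstructedkeyA",
    hash_host("other.example") + " ssh-rsa AAAAconstructedkeyB",
    "plain.example,192.0.2.7 ssh-rsa AAAAconstructedkeyC",
])

if __name__ == "__main__":
    kept, removed = remove_host(SAMPLE, "zimres.net")
    print("removed lines:", removed, "kept:", len(kept))
```

Because the salt is random per line, the same hostname hashes differently every time, so the file cannot be searched as text; the only way to find an entry is to recompute the HMAC with each line's salt.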