{"id":990,"date":"2025-10-25T01:58:10","date_gmt":"2025-10-25T09:58:10","guid":{"rendered":"https:\/\/www.eskimo.com\/services\/?page_id=990"},"modified":"2025-10-25T16:45:06","modified_gmt":"2025-10-26T00:45:06","slug":"known-hosts-and-ssh-keys","status":"publish","type":"page","link":"https:\/\/www.eskimo.com\/services\/known-hosts-and-ssh-keys\/","title":{"rendered":"Known Hosts and SSH Keys"},"content":{"rendered":"

Known Hosts and SSH Keys<\/span><\/p>\n

Known Hosts<\/span><\/h2>\n
\n

The first time you use ssh to connect to one of our shell servers you will see a message like this:<\/span><\/p>\n<\/div>\n

The authenticity of host ‘debian.eskimo.com (66.114.134.203)’ can’t be established.<\/span><\/strong><\/span>
\nED25519 key fingerprint is SHA256:rroEtbPOwxC7+3hkdlzjc6\/2q+0uqVUXaxwSn1NOpv0.<\/span><\/strong><\/span>
\nThis key is not known by any other names.<\/span><\/strong><\/span>
\nAre you sure you want to continue connecting (yes\/no\/[fingerprint])?<\/span><\/strong><\/span><\/p>\n

Respond Yes.<\/span><\/p>\n

If we have re-installed a system the old host keys will be replaced with new keys.\u00a0 In this case if you have previously connected you will get a message like this:<\/span><\/p>\n

ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<\/span><\/strong><\/span>
\nERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @<\/span><\/strong><\/span>
\nERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@<\/span><\/strong><\/span>
\nERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!<\/span><\/strong><\/span>
\nERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!<\/span><\/strong><\/span>
\nERROR: It is also possible that a host key has just been changed.<\/span><\/strong><\/span>
\nERROR: The fingerprint for the ECDSA key sent by the remote host is<\/span><\/strong><\/span>
\nERROR: SHA256:uMN7fJ633Pnr0vHy5JTh8n0JBzexlWgD\/BEEX6Qx9e8.<\/span><\/strong><\/span>
\nERROR: Please contact your system administrator.<\/span><\/strong><\/span>
\nERROR: Add correct host key in \/home\/nanook\/.ssh\/known_hosts to get rid of this message.<\/span><\/strong><\/span>
\nERROR: Offending ECDSA key in \/home\/nanook\/.ssh\/known_hosts:194<\/span><\/strong><\/span>
\nERROR: remove with:<\/span><\/strong><\/span>
\nERROR: ssh-keygen -f ‘\/home\/nanook\/.ssh\/known_hosts’ -R ‘debian.eskimo.com’<\/span><\/strong><\/span>
\nERROR: Host key for debian.eskimo.com has changed and you have requested strict checking.<\/span><\/strong><\/span>
\nERROR: Host key verification failed.<\/span><\/strong><\/span><\/p>\n

In this case on your machine type: <\/span>ssh-keygen -f ‘\/home\/nanook\/.ssh\/known_hosts’ -R ‘debian.eskimo.com’<\/span><\/strong><\/span><\/p>\n

Substitute your home directory for \/home\/nanook and substitute the hostname you are trying to connect to for ‘debian.eskimo.com’<\/span><\/strong>.<\/span><\/p>\n

Once you do this our machine will be unknown to you and you will get the message up above and then just accept to add to your ,known_hosts when prompted.<\/span><\/p>\n

Note, some people are concerned that they might be connecting to the wrong host.\u00a0 We take precautions to prevent our name servers from being poisoned.\u00a0 We have a stealth master server, that is a DNS server not visible to the outside world and all of our slave name servers only accept updates from it.<\/span><\/p>\n

Our hosts will all have IPv4 addresses in the range of 66.114.134.193-224 and ipv6 addresses in\u00a0 2001:560:4407:1::\/64 subnet.<\/span><\/p>\n

SSH Keys<\/span><\/h2>\n

SSH Keys allow you to authenticate using a cryptographic signature rather than using a password.\u00a0 This allows you to connect without using a password.<\/span><\/p>\n

To use ssh keys first you need to generate a key, to do this use ssh-keygen, I recommend using

\u00a0 \u00a0 \u00a0ssh-keygen -t ed25519<\/span><\/p>\n

then hit enter to default all the questions.\u00a0 Do not assign a password or pass phrase unless you want to have to type it when you connect.<\/span><\/p>\n

After creating a key you will then want to copy it to the host you wish to connect to, to do this use:<\/span><\/p>\n

\u00a0 \u00a0 \u00a0ssh-copy-id user@hostname.eskimo.com<\/span><\/p>\n

Our host will then prompt for your password, if typed successfully it will then store a copy of your key in your home directory under .ssh and then you will be able to connect just using ssh without a password:<\/span><\/p>\n

\u00a0 \u00a0 \u00a0ssh user@hostname.eskimo.com<\/span><\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Known Hosts and SSH Keys Known Hosts The first time you use ssh to connect to one of our shell servers you will see a message like this: The authenticity of host ‘debian.eskimo.com (66.114.134.203)’ can’t be established. ED25519 key fingerprint … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-990","page","type-page","status-publish","hentry","wpautop"],"_links":{"self":[{"href":"https:\/\/www.eskimo.com\/services\/wp-json\/wp\/v2\/pages\/990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eskimo.com\/services\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.eskimo.com\/services\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.eskimo.com\/services\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eskimo.com\/services\/wp-json\/wp\/v2\/comments?post=990"}],"version-history":[{"count":4,"href":"https:\/\/www.eskimo.com\/services\/wp-json\/wp\/v2\/pages\/990\/revisions"}],"predecessor-version":[{"id":994,"href":"https:\/\/www.eskimo.com\/services\/wp-json\/wp\/v2\/pages\/990\/revisions\/994"}],"wp:attachment":[{"href":"https:\/\/www.eskimo.com\/services\/wp-json\/wp\/v2\/media?parent=990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}