We are standardizing the SSH host keys across all of our systems. Our server signature keys will change TODAY (August 24) at 4PM. You will need to update your SSH clients.
We are standardizing the SSH host keys across all of our systems. Our server signature keys will change TODAY (August 24) at 4PM.
In the past, our host keys changed frequently; for example, after a system upgrade. With this update, we will standardize our keys, and make them predictable and consistent. Since keys will not change after this update, it will be easier to verify that you are connecting to a legitimate server and not being exploited via a man-in-the-middle attack.
However, this change means that you will need to delete any RCC hosts keys that are stored on your SSH client. Full details for how to do this are available on our website at https://rcc.fsu.edu/doc/ssh#changed-host-keys. The easiest method is to delete or move your ~/.ssh/known_hosts file:
mv ~/.ssh/known_hosts ~/.ssh/known_hosts_backup
The first time you attempt to connect to an RCC server after you have deleted your client keys, you will be asked to verify the host. The message may look something like this:
The authenticity of host 'hpc-login-34 (126.96.36.199)' can't be established. ED25519 key fingerprint is SHA256:OdDmdK7PRmQXgwOpVbWWC/EPE1fg9H0mlsL0m3H9JKI. Are you sure you want to continue connecting (yes/no)?
Before you should verify the fingerprint by comparing it our published keys at https://rcc.fsu.edu/doc/ssh#server-signatures.
If you have any questions, please let us know: email@example.com