Differences

This shows you the differences between two versions of the page.

fuss:openssh [2019/05/03 09:08] – [Restrict Users to SFTP only Instead of SSH] officefuss:openssh [2025/02/16 15:33] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== Remove Duplicate Keys ====== 
- 
-Sometimes when ''IP'' addresses change or servers get moved around the ''known_hosts'' file in the ''.ssh'' hidden directory gets updated with two keys for the same ''IP''. In that case, when you try to ''ssh'' to the sever again, you get a message about an offending key: 
- 
-<code> 
-Warning: the ECDSA host key for 'server.com' differs from the key for the IP address '118.82.143.119' 
-Offending key for IP in /home/debian/.ssh/known_hosts:30 
-Matching host key in /home/debian/.ssh/known_hosts:38 
-Are you sure you want to continue connecting (yes/no)? 
- 
-</code> 
- 
-The offending key can be removed easily using ''sed'': 
-<code bash> 
-sed -i 30d /home/debian/.ssh/known_hosts 
-</code> 
- 
-which deletes line ''30'' from the ''known_hosts'' file. 
  
 ====== Generate Public Key ====== ====== Generate Public Key ======
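Review bot: Removing the whole "Remove Duplicate Keys" section also drops the sample warning output ("Offending key for IP in /home/debian/.ssh/known_hosts:30"), which is the text a reader will have on screen when looking for this fix. The section added at the end of the page gives no description of the symptom. Consider carrying the warning block over into the new section. The removed `sed -i 30d` form also deleted exactly the line ssh reported, which is more precise than a pattern match, so it may be worth keeping as an alternative. If the paragraph is kept, "sever" should read "server".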
Line 270: Line 252:
 </code> </code>
  
 +====== Fixing Various Network Issues ======
  
 +Any of the following symptoms are to be detected?
 +  * SSH connections drop,
 +  * issuing commands with large output over SSH makes the SSH session hang
 +
 +They may all boil down to a non-uniform MTU setting across the network. This problem typically shows up with IoT devices (including the Raspberry Pi) that have a trimmed down networking stack (either wireless or low end network devices) that do not allow setting the MTU past ''9000''.
 +
 +In case changing the MTU for the entire network is undesirable, then make sure that the settings:
 +<code>
 +net.ipv4.ip_no_pmtu_disc = 1
 +net.ipv4.tcp_mtu_probing = 2
 +</code>
 +
 +are set with ''sysctl'' on the device and on the gateway endpoint. Similarly, ICMP and IGMP should not be blocked across the network because the packets are crucial to negotiating packet transfers.
 +
 +====== Remove Host and Key from SSH (known_hosts) ======
 +
 +{{fuss:fuss_security_ssh_known_hosts_meme.png?512}}
 +
 +Or better yet:
 +<code bash>
 +sed '/hostname/d' ~/.ssh/known_hosts
 +</code>
 +where:
 +  * ''hostname'' is the offending hostname
  
  
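Review bot: The added `sed '/hostname/d' ~/.ssh/known_hosts` in the "Remove Host and Key from SSH (known_hosts)" section has no `-i`, so it only prints the filtered file to standard output and leaves known_hosts unchanged; the section removed earlier in this diff used `sed -i`. The pattern is also an unanchored regular expression, so it matches every line that contains the string anywhere (a dot in the hostname matches any character), and it cannot match entries stored in hashed form. Suggest `ssh-keygen -R hostname`, which removes all keys for that host, handles hashed entries and keeps a backup of the old file, or at least add `-i` and anchor the pattern to the host field. The section opens with only an image and "Or better yet:", so a sentence stating the symptom would help. In the network section, "Any of the following symptoms are to be detected?" reads awkwardly, and it would help to say why `net.ipv4.ip_no_pmtu_disc = 1`, which turns path MTU discovery off, is paired with the advice not to block ICMP.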

fuss/openssh.1556874490.txt.gz · Last modified: 2019/05/03 09:08 by office

Wizardry and Steamworks
