SSH Host Keys:

Fixing your SSH known_hosts file

When you make SSH connections, your known_hosts file will need a hostkey for each shell machine you log into. This file (".ssh/known_hosts") can be found in your home directory (if on a UNIX machine, including a Mac running OS X) or in the directory specified by your SSH client (on a Windows machine; NB: some Windows SSH clients, such as PuTTY, might store hostkey information in the registry, rather than a file, and it might not be easily hand-edited).

The Panix ssh host addresses are as follows:

Without the hostkeys pre-configured in known_hosts, you'll see a warning notice the first time you connect to a specific userhost. The warning will look something like this:

The authenticity of host '[hostname] ([IP address])' can't be
established.
RSA key fingerprint is [key fingerprint].
Are you sure you want to continue connecting (yes/no)?

If you use "shell.panix.com" (or just "panix.com") as the address, you'll see a warning similar to this, if you're connected to a different underlying host from a previous one:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The DSA host key for panix.com has changed,
and the key for the corresponding IP address 166.84.1.2
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in [known_hosts]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle 
attack)!
It is also possible that the DSA host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
c3:66:bb:40:52:99:67:5d:af:21:a6:0c:f6:4b:ce:b3.
Please contact your system administrator.
Add correct host key in [known_hosts] to
get 
rid of this message.
Offending key in [known_hosts]
DSA host key for panix.com has changed and you have requested strict 
checking.
Host key verification failed.

In both cases, accepting the key will add it to known_hosts and prevent further warnings. We advise not blindly accepting keys, and confirming the fingerprints with those we maintain on our secure server.


Out public SSH keys are available on our secure server. You can right-click the links (or control-click if you use a Mac) and save the key files as is, or use the "Save As" option if you prefer.

Save the files as they are: DO NOT copy and paste the keys! Copy/paste operations tend to add newline characters to the keys, which makes them unusable. Use "File:Save As" or the equivalent instead.

You can also make a copy of the fingerprints for comparison should you need to verify a connection from a new machine.

Current valid RSA keys



Last Modified:Thursday, 22-Oct-2015 17:28:08 EDT
© Copyright 2006-2011 Public Access Networks Corporation