Network Engineering Tools

A place for me to share the scripts, tools and hacks I use in my daily life as a network engineer.

Thursday, September 27, 2007

Offensive ssh Keys!

So you've gone an reimaged a system, and that host has new ssh keys, and now you can't just ssh in to it because you've got an "Offending key" in your ~/.ssh/known_hosts file.

You know there's no mitm attack going on here. It's just a common issue when
dealing with lots of machines.

Now you've got to go in and remove one line from that file.
Annoying.

Maybe I shouldn't be reimaging systems so often.

Maybe I should try to save my old keys and then push them out.

Maybe I need a script to make it very easy to fix this problem..
DING!


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef.
Please contact your system administrator.
Add correct host key in /home/jkrauska/.ssh/known_hosts to get rid of this message.
Offending key in /home/jkrauska/.ssh/known_hosts:376
RSA host key for otherbox has changed and you have requested strict checking.
Host key verification failed



So here's a fixer script.
I spent maybe 2 minutes on it, and I used perl for only one line (split), but with some proper bash-fu it should really be done completely in bash. I leave that as an exercise for the reader.

This is a prime example of my tools philosophy. If I need to write something that gets used maybe once a month, there's no need to make it super optimized or perfect. Just "usable".

I called the script "Offending" and put it in my ~/bin dir which is in my PATH.

So I can just copy and past the line that ssh spits, and be on my way.



#!/usr/bin/perl
# Simple bash script to clean known_hosts when you've reinstalled an OS

# USAGE: (paste the line from the ssh output)
# Offending key in /home/jkrauska/.ssh/known_hosts:376
# To remove that line from your known_hosts

($file,$line) = split "\:", $ARGV[2];
if ($file eq "" || $line eq "") {
  print "Error in parsing, unable to grok input\n";
  exit 0;
}
#print "DEBUG FILE:$file\tLINENUMBER:$line\n";

$h=$line-1;
$t=$line+1;

system "head --lines $h $file > $file.new";
system "tail --lines +$t $file >> $file.new";
system "rm $file";
system "mv $file.new $file";
system "chmod 644 $file";
Posted by at No comments:
Subscribe to: Posts (Atom)