ssh (Secure Shell) messages and troubleshooting

ssh messages

ssh uses public-key cryptography to establish a computer's identity, which accounts for the messages about keys that sometimes appear when using it. When you connect to a server for which the public keys are not known, you will see a warning message, like:

The authenticity of host 'xxxxx (xxx.xxx.xxx.xxx)' can't be established.
RSA1 key fingerprint is xxxxxxxxxxxxxxxxxxx
Are you sure you want to continue connecting (yes/no)? 

or (for very old ssh clients) like:

Host key not found from the list of known hosts.
Are you sure you want to continue connecting (yes/no)?

It is important to check that servers' host keys are what you expect, as the host key is SSH's main defence against stealing your information. We provide host keys for most Maths workstations so that you can check them.

If you agree, the public key will be saved so that it can be checked next time. If the stored key doesn't match the one the server offers, you will see a message like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: HOST IDENTIFICATION HAS CHANGED!         @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the host key has just been changed.

If you ever see this, do not continue (even if the client offers to) and contact the administrator of the machine you are attempting to use. Host keys do sometimes get changed, which will cause this message, but the danger that someone may be trying to obtain your password is very real.

If you have any doubt at all please send a message to help@maths.cam.ac.uk so we can advise you.
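
The fingerprint check described above can also be done mechanically. The Python below is an added example, not part of the original page: it computes the SHA256 and MD5 fingerprints that ssh clients display from a public key line and compares them with a published fingerprint. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

def parse_key_line(line):
    """Return (key_type, blob) from a .pub, known_hosts or ssh-keyscan line."""
    fields = line.split()
    for i, field in enumerate(fields):
        # Every SSH key blob begins with a 4-byte length, so its base64 starts "AAAA".
        if i >= 1 and field.startswith("AAAA"):
            blob = base64.b64decode(field, validate=True)
            n = int.from_bytes(blob[:4], "big")
            if blob[4:4 + n] != fields[i - 1].encode():
                raise ValueError("key type does not match key data")
            return fields[i - 1], blob
    raise ValueError("no public key found in line")

def fingerprints(blob):
    """Fingerprints of a key blob in the two forms ssh clients display."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"SHA256": "SHA256:" + sha,
            "MD5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))}

def matches_published(line, published):
    """True only if the offered key has exactly the published fingerprint."""
    fp = fingerprints(parse_key_line(line)[1])
    published = published.strip()
    if published.startswith("SHA256:"):
        return published == fp["SHA256"]
    # Older clients print the MD5 form as bare colon-separated hex.
    bare = published[4:] if published.upper().startswith("MD5:") else published
    return bare.lower() == fp["MD5"][4:]

def make_sample_line(host, fill):
    """Constructed ssh-ed25519 key line (32 repeated bytes); not a real host key."""
    ktype, key = b"ssh-ed25519", bytes([fill]) * 32
    blob = len(ktype).to_bytes(4, "big") + ktype + len(key).to_bytes(4, "big") + key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    expected = make_sample_line("host.example", 0x11)     # stands in for the published key
    offered_bad = make_sample_line("host.example", 0x22)  # a different key is offered
    published = fingerprints(parse_key_line(expected)[1])["SHA256"]
    print("published fingerprint:", published)
    print("same key matches:", matches_published(expected, published))
    print("changed key matches:", matches_published(offered_bad, published))
```
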

ssh connections dropping

Sometimes idle ssh sessions will stop working after a few minutes, particularly on home internet connections. This is because some routers and firewalls are overenthusiastic about cleaning up connections which they think are dead. The fix is to configure your ssh client to send a "null packet" every few minutes to keep the connection alive.

To do this on Linux or a Mac, add the following to /etc/ssh/ssh_config under the "Host *" line:

    ServerAliveInterval 300
    ServerAliveCountMax 2

To do it in PuTTY, go to the Connection panel and enter 300 for the number of seconds between Keepalives.