Skip to content

Troubleshooting

SSH connection expired

If you want to keep the session active, edit the file ~/.ssh/config (if it doesn't exist, create it).

Enter the following lines:

   Host *
   ServerAliveInterval 300
   ServerAliveCountMax 2

With these settings, the SSH client will send an empty package to the other side every 300 seconds (5 minutes) and stop after two tries if there is no response. In this case, the connection was most likely disconnected anyway.

Setting correct permissions for SSH keys

This token will create an .ssh directory file of your server with correct permissions. However, if you created the permissions yourself, you can run the following commands on your server, during which the ssh connection to the system needs to be established and you need to be logged in as your user.

$  chmod 700 ~/.ssh
$  chmod 400 ~/.ssh/id_rsa
$  chmod 644 ~/.ssh/id_rsa.pub

The setting for the ownership and shared ownership of the files for a key pair must also to be correct. In both cases, the user must be set as the owner.

$  chown <username>:<username> ~/.ssh/id_rsa
$  chown <username>:<username> ~/.ssh/id_rsa.pub

Acquiring a public key from a private key

With the following command you can acquire a public key from a private key:

$   ssh-keygen -y -f <private_key> (ie. /usr/home/.ssh/id_rsa)

This can be useful for example if your server provider generated an SSH key for you and you were only able to download the private part of the key pair. Please note that you cannot acquire a private key if you only have the public key.

Unable to connect to host because of host ID change

When establishing an SSH connection, sometimes the following message appears:

 $  ssh <IP>
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 @   WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!  @
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
 Someone could be eavesdropping on you right now (man-in-the-middle attack)!
 It is also possible that a host key has just been changed.
 The fingerprint for the ECDSA key sent by the remote host is
 SHA256:I02UyJs2vS0ym4jWn5upAWZDqwu5RjMg4aM9hPq8G1k. 
 Please contact your system administrator.
 Add correct host key in /Users/<user>/.ssh/known_hosts to get rid of this message.
 Offending ECDSA key in /Users/khess/.ssh/known_hosts:4
 ECDSA host key for <IP> has changed and you have requested strict checking.
 Host key verification failed.

What happened was that you tried to connect to a system, which does not have the same IP address any more. This IP address now belongs to another system and SSH is implying that you may be a victim of a cyberattack. Reality is oftentimes not as exciting. It may be that your file known_hosts was not synchronised with the actual reality of the host.

The most simple solution is to completely remove the known_hosts file in the .ssh directory and so enable generating new keys for each host to which you connect.

However, if you have multiple hosts in the known_hosts file, it is not recommended to delete it, because you will lose the data on all other hosts. In this case it is better to just edit the file known_hosts. You can change the IP address of the host or completely delete a part of the host.

Unable to establish sftp connection to Vega

Sometimes the following error can appear when establishing sftp connection, which is due to OpenSLL version mismatch.

/usr/bin/ssh: symbol lookup error: /lib64/libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

Connection closed

Solution is to unload OpenSSL module.

module unload OpenSSL