{"id":354,"date":"2016-02-01T18:12:36","date_gmt":"2016-02-01T18:12:36","guid":{"rendered":"http:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/?p=354"},"modified":"2019-07-23T16:08:15","modified_gmt":"2019-07-23T15:08:15","slug":"ssh-into-kelvin-qub-ac-uk","status":"publish","type":"post","link":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/2016\/02\/01\/ssh-into-kelvin-qub-ac-uk\/","title":{"rendered":"SSH into kelvin2.qub.ac.uk"},"content":{"rendered":"

Kelvin2 is the new QUB HPC<\/a> system – access is typically via SSH, but if you’re using a Unix (Linux\/OS X) terminal client then you may see an error message along these lines:<\/p>\n

$ ssh\u00a01234567@kelvin.qub.ac.uk\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\nThe ECDSA host key for kelvin2.qub.ac.uk has changed,\nand the key for the corresponding IP address 143.117.27.22\nis unknown. This could either mean that\nDNS SPOOFING is happening or the IP address for the host\nand its host key have changed at the same time.\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\nIt is also possible that a host key has just been changed.\nThe fingerprint for the ECDSA key sent by the remote host is\nSHA256:pHx9AoPvrR9cXC5nBZerkrq\/A4mUTeugPYgWbImGnko.\nPlease contact your system administrator.\n\n<\/pre>\n
which is all very scary and unsettling. However it’s not actually anything to worry about.<\/p>\n
Kelvin2 has four head nodes, so kelvin2.qub.ac.uk resolves to four different IP addresses (and virtual machines) – this is presumably for redundancy so if one machine fails the others are still available. Which is great, but as there is no telling which one you will be pointed to at any given time this leads OpenSSH to become unhappy and confused.<\/p>\n
The workaround is to pre-populate the file ~\/.ssh\/known_hosts<\/strong> with the expected public keys, as shown below – these are very long single lines and the text box below will probably scroll to the right. Make sure to paste these into your known_hosts file as long lines, with no wrapping.<\/p>\n
\nkelvin2.qub.ac.uk,143.117.27.21 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAHWMgZWOmETQjmych3RrxMyVcQgtVa1ndkrFbUpiFiP7aiZoVAcacyoGImJWMjKCU+ihkTtREXDz4EDDrMEce4=\nkelvin2.qub.ac.uk,143.117.27.20 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLNqmr6N1XCVdDlkvnI+qxO8QMPsyYPk3zd\/CmgKDdgDgdn7rCpJRR3qBuiRjTM0Ok\/GWzYk\/h8Axaba0CVpv30=\nkelvin2.qub.ac.uk,143.117.27.22 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNQm41eL7A0QoTt9nwMz6gPZxw1L0i379r6f8lNQczoSQuLG9yp1M6ei7S0L6VwquBRkIMdmHzF4HtXmt33wy4k=\nkelvin2.qub.ac.uk,143.117.27.19 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH1T8XlKSmbuHOn0eEIVHfrvzYDBm0G6i2ansLID5XKtedN3OoxU\/PqL6glR9pHhN5TinVgOsYYjX+YxlULwoxs=\n\n\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Kelvin2 is the new QUB HPC system – access is typically via SSH, but if you’re using a Unix (Linux\/OS X) terminal client then you may see an error message along these lines: $ ssh\u00a01234567@kelvin.qub.ac.uk @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: POSSIBLE DNS … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":83,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[6],"tags":[],"class_list":["post-354","post","type-post","status-publish","format-standard","hentry","category-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pa93hP-5I","_links":{"self":[{"href":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/wp-json\/wp\/v2\/posts\/354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/wp-json\/wp\/v2\/comments?post=354"}],"version-history":[{"count":1,"href":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/wp-json\/wp\/v2\/posts\/354\/revisions"}],"predecessor-version":[{"id":551,"href":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/wp-json\/wp\/v2\/posts\/354\/revisions\/551"}],"wp:attachment":[{"href":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/wp-json\/wp\/v2\/media?parent=354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/wp-json\/wp\/v2\/categories?post=354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.qub.ac.uk\/screenshotsfromtheedge\/wp-json\/wp\/v2\/tags?post=354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}