Skip to content

SSH Problems

Our SSH Fingerprint

Here is the login node’s SSH key fingerprint in a few different formats: 

hpcnode01 ~/$ ssh-keyscan localhost | ssh-keygen -lf -
256 SHA256:vFhERHas++xmCrW1DQ+bPEs3K/Tij2ctDud4K4Wnyr4 localhost (ED25519)
3072 SHA256:LO0mfHNvDbKTQ/ZoW/U1skkKxakoq7xPI0PsFO49IU8 localhost (RSA)
256 SHA256:Lm+wfODaaxEiQMHlHuCTAR7zeSKmq6m6tKD1p7fhpg0 localhost (ECDSA)

One of these will be displayed when you first connect to the HPC login node.

Operation Timed Out

If you get this error when trying to connect to the HPC ssh: connect to host 138.25.37.51 port 22: Operation timed out then check that you have started the UTS VPN.

Host Identification has Changed

What does this warning mean?

~$ ssh myname@some_address 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:pDWIRVV2A93a5hgJM7YtavJcOheNs3dGyh8DY5riAdU.
Please contact your system administrator.
Add correct host key in /Users/XXXXX/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/XXXXX/.ssh/known_hosts:3
RSA host key for 138.xx.xx.xx has changed and you have requested strict checking.
Host key verification failed.
$

A server that you login to has a unique “fingerprint”, in this case its pDWIRVV2A93a5hgJM7YtavJcOheNs3dGyh8DY5riAdU. The first time you connect this fingerprint
is saved to your local known_hosts file.

This error means when you attempted to connect to our server your local SSH client has seen a different fingerprint from what it had saved before. It therefore suspects that it might be connecting to a different machine, and will, correctly, refuse to connect. This is to prevent “man in the middle” attempts to get access to our server or to your password.

The important line in the above is this one: Offending RSA key in /Users/XXXXX/.ssh/known_hosts:3
This tells you that its in your SSH known_hosts file on line 3.

You might get this message if you had logged in ages ago to our older login node. Its fingerprint was pDWIRVV2A39azhgJMsYtS3vJOcxeNhbNIdGyDYriAeU. When we changed to a newer server for our login node we kept the same IP address.

If you know its OK to connect then simply delete that line in your local SSH known_hosts file.

If you are not sure contact us.

Connection Reset by Peer

If you get an error that says: ssh_exchange_identification: read: Connection reset by peer then this means that your IP address is blocked at our end. Attempts to access non existant accounts or several failed passwords on an existing account will cause this to occur – it’s there to stop persons from trying passwords multiple times to gain access.

Just log a service request and we can unblock that IP address. We usually also need your IP address to know what one to unblock.

If on Mac OSX or Linux in a terminal type: 

$ ipconfig

On Windows you need to open a DOS box and type that command.

I have Added my Public Key but Still Can’t Connect

You have generated a public and private keypair and appended the public key to your .ssh/authorized_keys files on the HPC but you still get asked for a password or it does not connect. Check the permissions on your .ssh/authorized_keys file. It might have permissions that are too open.

An ls -l shows:

-rw-rw-r--  authorized_keys

Change it using $ chmod 644 authorized_keys so that it is less open:

-rw-r--r--  authorized_keys

MobaXterms’ Remote Monitoring Feature

MobaXterm has a “Remote Monitoring” feature that pummels the login node every second so that it can display a remote status bar at the bottom of the terminal window. It is not on by default. We would like you not to use this feature.

To turn this off in MobaXterm go to the drop down menu and select Settings / Configuration. On the SSH tab, and under the section “SSH-browser settings”, you will see an option “Remote-monitoring (experimental)”. Make sure this is not selected.