SSH Problems

Our SSH Fingerprint

Here is the RSA key fingerprint of the login node: 58:d4:7a:5e:f2:c8:75:a1:27:ae:f3:24:c5:f5:46:48

Operation Timed Out

If you get this error when trying to connect to the HPC ssh: connect to host 138.25.37.51 port 22: Operation timed out then check that you have started the UTS VPN.

Host Identification has Changed

What does this warning mean?

~$ ssh myname@some_address 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:pDWIRVV2A93a5hgJM7YtavJcOheNs3dGyh8DY5riAdU.
Please contact your system administrator.
Add correct host key in /Users/XXXXX/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/XXXXX/.ssh/known_hosts:3
RSA host key for 138.xx.xx.xx has changed and you have requested strict checking.
Host key verification failed.
$

You might get this message if you had logged in previously to our older login node. Its fingerprint was pDWIRVV2A39azhgJMsYtS3vJOcxeNhbNIdGyDYriAeU. When we changed to a newer server for our login node we kept the same IP address. That means when you attempt to connect to it your local SSH client sees a different fingerprint (i.e. it’s a different machine) and will, correctly, refuse to connect. This is to prevent “man in the middle” attempts to get access to our server or to your password.

If you know its OK to connect then simply delete the line in your local SSH known_hosts file. In the case above it would be line 3.

If you are not sure contact us.

Connection Reset by Peer

If you get an error that says: ssh_exchange_identification: read: Connection reset by peer then this means that your IP address is blocked at our end. Attempts to access non existant accounts or several failed passwords on an existing account will cause this to occur – it’s there to stop persons from trying passwords multiple times to gain access.

Just log a service request and we can unblock that IP address. We usually also need your IP address to know what one to unblock.

If on Mac OSX or Linux in a terminal type:

$ ipconfig

On Windows you need to open a DOS box and type that command.

I have Added my Public Key but Still Can’t Connect

You have generated a public and private keypair and appended the public key to your .ssh/authorized_keys files on the HPC but you still get asked for a password or it does not connect. Check the permissions on your .ssh/authorized_keys file. It might have permissions that are too open.

An ls -l shows:

-rw-rw-r--  authorized_keys

Change it using $ chmod 644 authorized_keys so that it is less open:

-rw-r--r--  authorized_keys

MobaXterms' Remote Monitoring Feature

MobaXterm has a “Remote Monitoring” feature that pummels the login node every second so that it can display a remote status bar at the bottom of the terminal window. It is not on by default. We would like you not to use this feature.

To turn this off in MobaXterm go to the drop down menu and select Settings / Configuration. On the SSH tab, and under the section “SSH-browser settings”, you will see an option “Remote-monitoring (experimental)”. Make sure this is not selected.

This is custom footer