1
00:00:06,600 --> 00:00:08,250
- You have already seen how to connect

2
00:00:08,250 --> 00:00:09,900
to an SSH server before.

3
00:00:09,900 --> 00:00:12,330
So I just want to add a couple of facts

4
00:00:12,330 --> 00:00:15,360
that we haven't discussed before and demonstrate.

5
00:00:15,360 --> 00:00:17,580
So when you first log into an SSH server,

6
00:00:17,580 --> 00:00:20,880
the SSH server host key is cached in a file,

7
00:00:20,880 --> 00:00:23,940
dot ssh slash known hosts.

8
00:00:23,940 --> 00:00:26,490
And while connecting to those, the key is checked

9
00:00:26,490 --> 00:00:30,030
and if it doesn't match, then connection is refused.

10
00:00:30,030 --> 00:00:30,960
Also, you should know

11
00:00:30,960 --> 00:00:33,450
that if you want to connect to a non-default port,

12
00:00:33,450 --> 00:00:36,030
you need to tell the SSH client about it.

13
00:00:36,030 --> 00:00:38,220
And something funny is going on here.

14
00:00:38,220 --> 00:00:40,440
The SSH client has lower case p,

15
00:00:40,440 --> 00:00:41,910
followed by the port number.

16
00:00:41,910 --> 00:00:44,730
And if you use SCP, you have upper case p,

17
00:00:44,730 --> 00:00:46,890
followed by the port number.

18
00:00:46,890 --> 00:00:50,610
Which is needed if SSH is listening on a non-default port.

19
00:00:50,610 --> 00:00:51,453
Let me show you.

20
00:00:53,310 --> 00:00:55,050
Let's start by using SSH.

21
00:00:55,050 --> 00:01:00,050
I want to be user student on 192, 168, 29, 142.

22
00:01:00,390 --> 00:01:03,030
And uh-oh, what do we get?

23
00:01:03,030 --> 00:01:06,150
Well, we get, in fact, exactly what I wanted to see.

24
00:01:06,150 --> 00:01:09,063
A remote host identification has changed.

25
00:01:10,350 --> 00:01:11,610
I know what happened.

26
00:01:11,610 --> 00:01:13,320
I'm using 142 now,

27
00:01:13,320 --> 00:01:16,110
and I messed around with the IP addresses a little bit.

28
00:01:16,110 --> 00:01:18,690
So the first time I connected to 142,

29
00:01:18,690 --> 00:01:21,270
it has stored the SSH host key.

30
00:01:21,270 --> 00:01:24,870
Now another host is using IP address 142.

31
00:01:24,870 --> 00:01:29,790
This other host has another SSH host key fingerprint.

32
00:01:29,790 --> 00:01:32,130
And the other host is sending the host key fingerprint

33
00:01:32,130 --> 00:01:33,090
to the client.

34
00:01:33,090 --> 00:01:36,810
And the client is saying, "Dude, this is not good.

35
00:01:36,810 --> 00:01:40,470
Somebody might be doing something nasty."

36
00:01:40,470 --> 00:01:42,690
This might be a man-in-the-middle attack.

37
00:01:42,690 --> 00:01:44,970
So if something like this happens,

38
00:01:44,970 --> 00:01:49,740
you should always verify what is happening.

39
00:01:49,740 --> 00:01:51,630
In our case, it's also possible

40
00:01:51,630 --> 00:01:53,460
that the host key has just been changed.

41
00:01:53,460 --> 00:01:56,610
That is exactly the reason why.

42
00:01:56,610 --> 00:01:59,010
And we can see a message

43
00:01:59,010 --> 00:02:04,010
and the message right here is about the offending host key.

44
00:02:04,410 --> 00:02:05,550
Now, the offending host key

45
00:02:05,550 --> 00:02:06,660
is in the fellow users,

46
00:02:06,660 --> 00:02:08,850
Alexander van Vugt dot SSH,

47
00:02:08,850 --> 00:02:10,420
known host colon 84.

48
00:02:10,420 --> 00:02:12,690
And oh, by the way, we are on macOS

49
00:02:12,690 --> 00:02:14,790
because I haven't shown you macOS

50
00:02:14,790 --> 00:02:16,620
SSH connections before.

51
00:02:16,620 --> 00:02:19,110
They are very, very much like Linux.

52
00:02:19,110 --> 00:02:21,360
In fact, you won't even notice the difference

53
00:02:21,360 --> 00:02:25,230
between the mac SSH client and the Linux SSH client.

54
00:02:25,230 --> 00:02:26,130
The thing here is

55
00:02:26,130 --> 00:02:29,970
that I'm getting complaints about line number 84

56
00:02:29,970 --> 00:02:32,160
in the known hosts file.

57
00:02:32,160 --> 00:02:34,410
And this suggests that my known hosts file

58
00:02:34,410 --> 00:02:35,880
has a lot of lines.

59
00:02:35,880 --> 00:02:36,990
So I could remove it,

60
00:02:36,990 --> 00:02:39,000
that's not really what I want to do.

61
00:02:39,000 --> 00:02:42,750
I want to do a sed, minus i, minus e,

62
00:02:42,750 --> 00:02:47,750
84 d on tilde,

63
00:02:47,850 --> 00:02:51,930
slash, dot SSH, slash known host.

64
00:02:51,930 --> 00:02:53,576
You remember this command?

65
00:02:53,576 --> 00:02:58,260
This deletes line 84 from the known hosts file

66
00:02:58,260 --> 00:03:00,150
and now I can try it again.

67
00:03:00,150 --> 00:03:03,673
And oh, we also get an error on line 83.

68
00:03:05,310 --> 00:03:06,360
Well, okay.

69
00:03:06,360 --> 00:03:09,303
Then we are going to do the same for line 83.

70
00:03:10,230 --> 00:03:11,370
That's possible.

71
00:03:11,370 --> 00:03:13,950
And we are going to try it again.

72
00:03:13,950 --> 00:03:14,783
All right.

73
00:03:14,783 --> 00:03:17,943
So after cleaning up this host key information,

74
00:03:18,930 --> 00:03:23,220
we can actually store it.

75
00:03:23,220 --> 00:03:25,260
We can see the host key is known already

76
00:03:25,260 --> 00:03:27,420
by the following other names and addresses.

77
00:03:27,420 --> 00:03:28,710
This is something we have used

78
00:03:28,710 --> 00:03:31,770
in the past, connected to the same host key.

79
00:03:31,770 --> 00:03:33,150
And I know that

80
00:03:33,150 --> 00:03:35,730
because before I was running it on 2022,

81
00:03:35,730 --> 00:03:37,320
now I'm running it on 22.

82
00:03:37,320 --> 00:03:39,540
So I want to continue connecting

83
00:03:39,540 --> 00:03:42,570
and I'm adding my password and there we go.

84
00:03:42,570 --> 00:03:47,570
I'm on the Ubuntu machine right here.

85
00:03:48,160 --> 00:03:51,600
Now I can actually try

86
00:03:51,600 --> 00:03:55,473
and see if we get connection to the CentOS machine.

87
00:03:56,340 --> 00:04:00,660
So from the Ubuntu environment, SSH minus p,

88
00:04:00,660 --> 00:04:03,360
minus p 2022,

89
00:04:03,360 --> 00:04:08,360
to 192, 168, 29, 101.

90
00:04:09,090 --> 00:04:09,923
101?

91
00:04:09,923 --> 00:04:10,756
Yes.

92
00:04:10,756 --> 00:04:12,000
Because in the lesson about networking,

93
00:04:12,000 --> 00:04:15,240
we changed the IP address for the CentOS machine.

94
00:04:15,240 --> 00:04:19,560
And, uh-oh, I am getting a connection refused

95
00:04:19,560 --> 00:04:24,270
on the CentOS machine for port 2022.

96
00:04:24,270 --> 00:04:26,570
That means we need to do some troubleshooting.

97
00:04:27,750 --> 00:04:29,915
Right, troubleshooting, here we go.

98
00:04:29,915 --> 00:04:32,567
First part of the troubleshooting is IP, a.

99
00:04:32,567 --> 00:04:34,470
What is IP, a showing?

100
00:04:34,470 --> 00:04:35,730
29, 101.

101
00:04:36,749 --> 00:04:38,220
So 29, 101.

102
00:04:38,220 --> 00:04:40,170
That seems to be correct.

103
00:04:40,170 --> 00:04:44,070
Second part of troubleshooting, sudo, systemctl,

104
00:04:44,070 --> 00:04:46,053
status, SSHD.

105
00:04:46,950 --> 00:04:48,660
And there we can see,

106
00:04:48,660 --> 00:04:50,310
oh, we can see that that's not good.

107
00:04:50,310 --> 00:04:52,890
Server listening on port 22.

108
00:04:52,890 --> 00:04:54,300
You know what happened?

109
00:04:54,300 --> 00:04:56,130
Well, you probably don't know

110
00:04:56,130 --> 00:04:57,930
but history will tell us.

111
00:04:57,930 --> 00:05:00,990
History is telling us that in command 780,

112
00:05:00,990 --> 00:05:02,160
I applied my change.

113
00:05:02,160 --> 00:05:03,990
But after applying the change

114
00:05:03,990 --> 00:05:07,620
I never restarted SSHD again.

115
00:05:07,620 --> 00:05:08,565
So blind,

116
00:05:08,565 --> 00:05:13,320
I'm pretty convinced that command 779

117
00:05:13,320 --> 00:05:18,030
or restarting the SSH process will fix the problem.

118
00:05:18,030 --> 00:05:18,990
Back to status,

119
00:05:18,990 --> 00:05:22,498
listening on port 2022, looking better.

120
00:05:22,498 --> 00:05:24,630
So let's try it again.

121
00:05:24,630 --> 00:05:25,650
And there we go.

122
00:05:25,650 --> 00:05:29,040
And this is looking so much better.

123
00:05:29,040 --> 00:05:30,715
Are you sure you want to connect?

124
00:05:30,715 --> 00:05:31,620
Continue?

125
00:05:31,620 --> 00:05:32,880
Yes, I'm sure.

126
00:05:32,880 --> 00:05:34,290
Entering the password.

127
00:05:34,290 --> 00:05:35,820
And here we go.

128
00:05:35,820 --> 00:05:40,710
I'm logged in on the CentOS machine on port 2022.

129
00:05:40,710 --> 00:05:41,543
That's all.