1
00:00:06,589 --> 00:00:09,410
Okay, let's talk about the
SSH client a little bit more.

2
00:00:10,169 --> 00:00:16,670
So what is going on in the SSH client?
Well, when first you are logging into an SSH

3
00:00:16,670 --> 00:00:23,170
server, the server host key is cached in the
file .ssh/known_hosts and while connecting to a

4
00:00:23,170 --> 00:00:29,670
host the key is checked. And if that
key doesn't match, then the connection is refused.

5
00:00:30,809 --> 00:00:34,964
Also, if you want to connect
to a non-default port, you

6
00:00:34,964 --> 00:00:39,119
can use lowercase p in
SSH or uppercase p in SCP.

7
00:00:39,719 --> 00:00:42,890
So ssh lisa@webhost
-p 2022, for instance.

8
00:00:45,549 --> 00:00:48,390
Let me show you a
bit about the server host keys.

9
00:00:49,729 --> 00:00:51,450
So I'm going
to do something nasty.

10
00:00:52,140 --> 00:00:56,890
I'm going to edit the
.ssh/known_hosts file.

11
00:00:58,070 --> 00:01:01,670
There I can see
stuff for 138 and I'm

12
00:01:01,670 --> 00:01:05,269
going to mess it
up a little bit.

13
00:01:08,650 --> 00:01:10,829
Changing random characters.
That should do it.

14
00:01:15,829 --> 00:01:21,504
Another one and the final one. I
just want to make sure that whatever happens

15
00:01:21,504 --> 00:01:27,180
I'm getting in trouble if I'm reconnecting.
So would that work? Well, let's figure out.

16
00:01:27,299 --> 00:01:31,655
If I'm using SSH to Ubuntu,
then what am I getting? Yeah, this

17
00:01:31,655 --> 00:01:36,010
is what I'm getting. This is
exactly what I wanted to discuss.

18
00:01:36,950 --> 00:01:41,290
So what do we see? We
see warning, remote host identification has changed.

19
00:01:41,810 --> 00:01:46,125
I really like this one. It's
possible that someone is doing something nasty

20
00:01:46,125 --> 00:01:50,439
and you might be the victim
of a man-in-the-middle attack.

21
00:01:51,390 --> 00:01:54,980
Now I just forced this
by changing the host keys manually.

22
00:01:55,540 --> 00:02:02,280
But normally if this is happening with an
Internet-based SSH server, then you really might be in

23
00:02:02,280 --> 00:02:09,020
a situation where somebody is doing something nasty
or where you have just recycled an IP address.

24
00:02:09,599 --> 00:02:13,379
So previously you connected to
a server using the same

25
00:02:13,379 --> 00:02:17,159
name or IP address.
That server has been reinstalled.

26
00:02:17,729 --> 00:02:21,949
That might also be what is
going on. Now I can see that

27
00:02:21,949 --> 00:02:26,169
it's complaining about an offending key
in the known_hosts line 4.

28
00:02:27,169 --> 00:02:30,189
Well, let's do
a sed -i 4d.

29
00:02:30,879 --> 00:02:36,680
We need a -e for edit
before that on .ssh/known_hosts.

30
00:02:37,199 --> 00:02:40,949
If it's really in line 4
then this deletes line 4 and we

31
00:02:40,949 --> 00:02:44,699
can try it again. And as
you can see, that worked perfectly.

32
00:02:45,199 --> 00:02:51,685
So now the offending host key has been removed and I
can cache the host key again and this time it is

33
00:02:51,685 --> 00:02:58,170
valid. And the next time we have a valid host key
to connect to. And that's what I wanted to show you.
