Friday, February 19, 2010

Nerd Food: SSH darwin awards

Like every other Linux user, I use SSH extensively to connect to different computers and run applications remotely (-X in particular is one of my favourites). SSH has a tendency to remember hosts you've connected to in the past, and stores this information under ~/.ssh/known_hosts. This works quite well for fixed IPs in the WAN, where SSH key to IP address is bijective. It doesn't work so well for people who connect to different local networks using the traditional 192.168.X.Y space, because the same IP maps to many different keys, confusing SSH. Any DHCP environment also suffers from this problem.

In the past, I've solved this the brute force way by trashing the whole of .ssh:

rm -rf ~/.ssh

This solution works fine. Fine, that is, unless you happen to actually have created a private/public key to authenticate with servers requiring it, such as GitHub. Just as I pressed the enter key, it suddenly occurred to me that I had in fact started messing around with git and said provider, and had made no backup of the key - even though the FAQ states quite clearly that one should do so. Classic Homer Simpson moment.

Fortunately, GitHub must have thought about this exact same mistake and made it really easy to update one's key. From now on:

rm -rf ~/.ssh/known_hosts

No comments: