====== Host keys ======
Each computer you connect to has a host key, which is intended to be its unique identifier and this is true for Hábrók's access nodes. Checking a server's host key ensures that you are not inadvertently connecting to a system posing as Hábrók (known as a man-in-the-middle attack) by warning you that you are actually connecting to another machine.
The first time you connect to the Hábrók user access nodes, you are likely prompted if you want to store this host key (most often in a ''known_hosts'' file) and you most likely do so. In every subsequent connection, your computer compares the host key it has stored for the remote system you are trying to access and verifies that the key matches what is being presented by the remote system. If the keys match then your computer has verified that it is connecting to the right system and the connection can proceed.
==== Hábrók host key fingerprints ====
Each host key also has an associated fingerprint that is unique to it and that can be safely displayed and shared. Should you ever want to confirm that the key presented by the system you are trying to access you can compare their fingerprints. For this reason, here we list the currently valid host key fingerprints belonging to Hábrók's user access nodes:
ya4luc7Di5mQra2lA/yRd8o2GD/lOOqJ3y+n9mnV5Hg login1.hb.hpc.rug.nl (ED25519)
5UvAHkf3xrWv35sKKS6744yAh/PoWN/v4rdMvOJPfkU login2.hb.hpc.rug.nl (ED25519)
kSvIhP76plyHnXRhuJGYUeuXgCuKrQiULr48Lu75KFw interactive1.hb.hpc.rug.nl (ED25519)
PG/oR4e3rv/F8XgViK+D3/sP23liXzqTlH5iqkmVqcs interactive2.hb.hpc.rug.nl (ED25519)
BcSnR83HLGcainsieYH4ohQjV7vN/ZGgQLwOV/uOmGk gpu1.hb.hpc.rug.nl (ED25519)
KZCxsgcFf7mzD708oYjFl+C/UpBMuDyZahSk5AYck6U gpu2.hb.hpc.rug.nl (ED25519)
Fingerprints valid as of: 2025-02-21
==== New server hostkey ====
In order to bring Hábrók back online after an incident we sometimes have to reinstall and reconfigure the login and interactive nodes. Because of this, these nodes will have new server host keys. This means that connecting to Hábrók results in (correct) warnings that these keys no longer match those that had been registered on your system when you connected for the first time.
If Hábrók had to be reconfigured, then you can safely ignore this check because Hábrók's host keys //have indeed changed// due to the reinstallation. See bellow for instructions and examples on how to update a host key. **Only ignore this check and update your host keys if the system has indeed been reconfigured and if the fingerprint being presented to you matches the ones listed [[habrok:additional_information:hostkey_fingerprints#habrok_host_key_fingerprints|above in this page]]!**
=== MobaXterm ===
When reconnecting you will see a pop up window. Simply press "**Accept the new server hostkey and carry on connecting**"
{{:habrok:additional_information:remote_server_id_changed.png?400|}}
=== ssh connections on a terminal ===
You will see a message similar to:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:LnOMDB7/5L0OKJojsXb2CovSUGvd2k0U0oJ8L3xR2HI.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in /home/user/.ssh/known_hosts:13
remove with:
ssh-keygen -f "/home/user/.ssh/known_hosts" -R "login1.hb.hpc.rug.nl"
Host key for login1.hb.hpc.rug.nl has changed and you have requested strict checking.
Host key verification failed.
Follow the instructions on the message and run:
ssh-keygen -f "/home/user/.ssh/known_hosts" -R "login1.hb.hpc.rug.nl"
**Note that your command may be different, as the path to the ''known_hosts'' file is likely different in your situation**. The suggestion in the warning message should give you the correct path.