[Problem description]
2021-08-30 USIT/IT-security set into operation new type of machine keys due to hardening of the ssh security.
The new type, ED25519 takes place before the old RSA keys.
This led to all connecting from outside UiO getting an error
"WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"
This is true this time, it's done by purpose. Trust me!
Further you cannot log in and the correponding information is
ED25519 host key for login.astro.uio.no has changed
and you have requested strict checking.
[Solutions]
Your local file $HOME/.ssh/known_hosts keep a copy of the machines
key. The key may be updated by you running
ssh-keygen -R HOST.uio.no
ie.
ssh-keygen -R login.astro.uio.no
The new key the fingerprint for login.astro.uio.no (tsih2) is
SHA256:yyj9EI4sGdIr/efw1mX/0ZvuwojFFsqKkv0WhqQM1wA.
Other machines will have a different fingerprint and key of course.
If this do not solve your problem you may edit your ssh key file at your local machine ie. by one of these editors or another you prefer.
vi ~/.ssh/known_hosts emacs ~/.ssh/known_hosts
Note: The line you need to delete is stated in the error message and it starts with the name of the machine you tried to connect to like "Offending ECDSA key in /Users/USER/.ssh/known_hosts:9"
[More information]
ITA, "Remote access"
Dept. of Geoscience, "ssh tips and tricks"
[USIT/Central information, in Norwegian only]
A very short message only stating the new key fingerprint for
login.uio.no (smaug.uio.no), *not* the same as login.astro.uio.no (tsih2.uio.no)
Important notes, in short time(2021-10-01) you will need to use a jumphost for your workstation when connectiong from outside UiO
$ ssh -J brukernavn@login.uio.no brukernavn@kontormaskin.uio.no $ ssh -CX -J bruker@login.astro.uio.no bruker@kontormaskin.uio.no