HPC/UCPH
   
 

Fingerprints from frontends

The current fingerprints for the frontends at HPC/UCPH are:

fend01
RSA:
MD5:94:69:12:c0:14:9d:dc:f0:72:aa:a3:41:f3:0d:56:3a
SHA256:maLZqGvQrsxzLRqBtP9ABkMiFdxNZByisORS6NhLW8c
ED25519:
MD5:f4:75:d1:6d:c2:22:f2:72:0a:6a:12:af:e0:e6:5d:36
SHA256:HRAah5ypVKial0qK5DnQ9HeJ/MFdnkNzQ7uJw2Gm5Eg
fend02
RSA:
MD5:64:cb:eb:ef:12:18:44:7f:b8:66:85:41:bf:98:2d:ba
SHA256:0Id778fQiVsjaiq1Y2CHSEg35sQpMXzYPIyrbO/6Hjg
ED25519:
MD5:f6:af:67:8b:64:19:05:5e:85:fa:50:bb:ba:33:44:a5
SHA256:qqNYxieOIiZIB+Q0N6s+3SVj4j9om/QrNRV76xRN3rk
fend05
RSA:
MD5:bd:10:59:47:e5:02:96:44:5a:96:43:d3:65:c5:76:5d
SHA256:hvCd2L36gjXOl3MxeF/YLbx+UTWfKcT88o6jjklqPmo
ED25519:
MD5:13:99:97:af:70:7d:1a:08:3c:e3:c3:fa:3b:e4:e8:c2
SHA256:bh+p6tPvOHH0w3g/+9og4wiUKO375NJfu1rrFmROQbU
astro01
RSA:
MD5:c2:85:19:e2:94:e7:d7:7d:25:21:7e:38:b5:3a:0a:64
SHA256:2STiyMgHGog4Hs7zEu3mn0SUIC6BkzlZ2Y+XTMLJdG8
ED25519:
MD5:59:54:eb:20:56:d1:e5:29:89:ed:e0:74:a7:62:a4:e6
SHA256:tGrxPpbVgwR6dpks074lrhyrIqQNDZHgWojw+tXfz4w
astro02
RSA:
MD5:e4:63:76:c4:76:ee:f8:03:6b:07:62:7d:fa:d3:4a:c5
SHA256:SHP1Z7hFq1BG7nJ+vKPwdxEPwWj2rtbE3R/5FPwCSIw
ED25519:
MD5:ef:e0:5f:29:fe:1a:ab:bf:fb:c4:3c:ba:b1:33:ce:0e
SHA256:k6pvVdPryobfjyiPPHO4Bm2la79dEo56lUupi1Ydq6U
astro03
RSA:
MD5:74:5a:50:45:dc:b4:23:74:46:ae:a5:c9:a1:6a:0c:77
SHA256:u3V17nHWvtZxnQ2oK7522Rc9Tkk7Jk5GSYFSjz4+o7E
ED25519:
MD5:16:f5:2a:6c:28:ab:97:0c:fe:a6:a1:48:c1:61:03:4e
SHA256:6rSC3duGNACwJ8Di0bNMdyrWTwqurVc1qRJrgmEoNYo
astro04
RSA:
MD5:4a:3d:51:0f:36:c4:73:81:ff:59:7d:d2:20:3c:a1:77
SHA256:uFwmU3lQmyqVNg2A6FLb4LH2CQWR4hp5d0Q2sw3k0wE
ED25519:
MD5:93:f9:fe:da:34:dd:ff:28:4b:fe:f3:6b:2e:e7:c8:2f
SHA256:Ql+x8uZ0+eKhEra4QFpyQIRD8INaXwn+XsvCzw4co7E
magni
RSA:
MD5:de:ad:c9:de:23:89:53:3c:34:ba:de:41:ac:b8:5f:e0
SHA256:HpU1fgetjvJqzuahpee9AqI6xSggyjYup95aFk6Zvk0
ED25519:
MD5:7b:35:e8:01:22:91:b1:8b:01:f9:28:82:c5:a1:1e:4b
SHA256:fgsHinkXA8C1rGhPEFB031qGOR1IVv5YqeB4r3+iljQ
dark01
RSA:
MD5:f8:3d:d6:89:52:63:93:e7:a8:9d:65:22:09:67:51:47
SHA256:hP6V3ag/LBOOD2Hj5+RoffAXmPdGeD1okT8lp4g8eqo
ED25519:
MD5:10:b6:2c:99:c3:6f:e9:e0:b2:c5:96:a8:d9:23:ac:e5
SHA256:wlKd+eixBSadF9AxeLPT8Z8q6Drh1y2tzeOt98Z3arM
hep01
RSA:
MD5:fa:eb:18:85:31:c8:12:fe:71:e9:88:2a:f7:84:aa:d5
SHA256:3AjnAXwsGADBycdp3KzLXn/hYx2QHrwjC8z48ZA8bTc
ED25519:
MD5:ad:9c:4b:25:f7:a0:79:b1:32:5d:f8:b1:d1:ea:63:13
SHA256:/FwBgQ9h7ZYIJMUm1oJVYB9TBw2roS+cTFecJf7GDSE
hep02
RSA:
MD5:6a:ae:a5:dc:02:a0:c9:77:da:4a:b1:73:10:d2:00:58
SHA256:S4ZHfccZRiWS1eBitLsKynrLWoZgllnX1as/WNvwYKY
ECDSA:
MD5:7f:d2:12:51:3a:07:d2:93:f2:ff:92:78:57:71:d7:f3
SHA256:JEXJXmcVZNqzbAgwtS1sJQw1035N33nBGyE3GFLi4w8
ED25519:
MD5:26:2c:66:b1:01:3b:dd:0d:75:ec:ac:1c:60:68:d0:a4
SHA256:0uE4Ih2NJzMreubObUTPAmv1aKAaN8206AC9aPLa9AQ
hep03
RSA:
MD5:38:ec:7d:a8:6a:88:ec:cc:65:94:db:93:f3:ca:de:a9
SHA256:UfaqEaMBTEfJ/Svs5Z5cDTRLpDDcG9PvKeBos06d65Q
ECDSA:
MD5:72:5e:c7:df:5b:b5:5c:36:09:f2:5a:d8:a6:5a:a9:07
SHA256:vmOC5HexlSbE5e90uRz8BKcBXLXnh8Lgk5AYRr1VfS8
ED25519:
MD5:b3:47:58:d6:c1:af:1a:b4:30:ee:17:3e:23:d2:bc:b6
SHA256:nhYwF3wUVyuLbE27HuGP2q+znhiPzF13ObJVJhxgr0s
hep04
RSA:
MD5:cf:fd:75:fd:9a:a3:33:06:45:f0:f5:7a:9a:f5:68:db
SHA256:7B0AEH0FF9kxXb0mWS3h9BlSsKhyFSXlA9/pTzjOSpI
ECDSA:
MD5:42:4c:75:a1:aa:65:ca:df:1a:bc:a5:27:85:74:1b:b3
SHA256:lS/eLGohZJ5e1pEoJWLkbE5H5/Exm1/PWIEYhJxw2E4
ED25519:
MD5:d0:09:a2:37:e2:a6:af:0c:80:a0:1f:3d:f9:45:69:53
SHA256:gTmpOw3lgg6y3Zg61xXrW0I2hzykQvBjallNbZBSeBU
otp
RSA:
MD5:24:eb:cb:74:ac:30:5f:4d:11:22:a4:31:92:64:71:d3
SHA256:vY0i7rfIfWwINzJPjtrUhE40rzHfgqN2rsq+YvcQXug
ED25519:
MD5:d7:0f:97:70:fb:fb:e5:d8:52:f6:c8:e1:4f:22:0e:5b
SHA256:LzIrr4wIlbflszB5q95hk5lTIFuBozX9sZw+I47Tcoo
front
RSA:
MD5:64:21:45:eb:52:99:20:f0:cf:44:47:f2:c6:d1:ec:35
SHA256:uHbXXasbYpHjH11t1L57AJpNIz8N0Pfc5HARECv75Ac
ED25519:
MD5:4b:7f:28:e6:8e:61:7f:84:73:37:dc:95:65:70:2c:fb
SHA256:k3/7UXS+Itt8samNGiS/S0MW7WctYFIE2jgAJCtzrQk

Handeling old fingerprints

If you have used a frontend before, you should get a warning about a new fingerprint. If the reported fingerprint matches the list abowe, please update -- if it doesn't match, something is wrong and you should try another frontend - and if the problem persist, contact support.

Example:

$ ssh fend03
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for fend03.hpc.ku.dk has changed,
and the key for the corresponding IP address 10.266.1.13
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now 
(man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:1o/3qHI/ImLYjuME0llmztWy6IuXxZY4sLM0r1NR2hM.
Please contact your system administrator.
Add correct host key in /path/to/.ssh/known_hosts to get 
rid of this message.
Offending ECDSA key in /path/to/.ssh/known_hosts:433
RSA host key for fend03 has changed and you have 
requested strict checking.
Host key verification failed.
If the fingerprint matches the list at the top, update it locally - either by removing the old fingerprint with an editor or by running:
ssh-keygen -R fend03.hpc.ku.dk
Checking the hostkey, I can now connect to fend03
ssh HPCuser@fend03
The authenticity of host 'fend03 (10.266.1.13)' 
can't be established.
RSA key fingerprint is 
SHA256:1o/3qHI/ImLYjuME0llmztWy6IuXxZY4sLM0r1NR2hM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'fend03,10.266.1.13' 
(RSA) to the list of known hosts.
[HPCuser@fend03 ~]$

Disconnects while idle

On some networks, the router/firewall will drop what it consider idle/stall (ssh) connection. This can be prevented by adding:


Host *
        ServerAliveInterval 60
to
.ssh/config
on your local laptop/computer.

Windows CMD

Users on Windows, might get:


Corrupted MAC on input.
ssh_dispatch_run_fatal: Connection to X.X.X.X port 22: message authentication code incorrect
A workaround is to add the flag -m hmac-sha2-512-etm@openssh.com to the ssh command (and -o MACs=hmac-sha2-512-etm@openssh.com to your scp command), or MACs=hmac-sha2-512-etm@openssh.com to your ssh_config for the host(s) where you experience this issue. More information in this upstream issue.

OS X Terminal

Users on OS X, might get:


-bash: warning: setlocale: LC_CTYPE: cannot change
       locale (UTF-8): No such file or directory
See a solution here (Method #1 or Method #2)

An alternative suggestion is to to add:


export LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8
to .bash_profile on the Mac and restart the shell.

Note: We don't have Mac's, so we have not testet this ourself.

WARNING: connection is not using a post-quantum key exchange algorithm

Users of OpenSSH 10.1 will see the message that:


** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html

Our SSH-servers are still OpenSSH 8, so they don't yet support the needed "post-quantum" algorithms. If you want to silence the warning, you can add:


WarnWeakCrypto no-pq-kex

to the .ssh/ssh_config file on you local machine.