SSH Keys Renew June 2023

Refreshing SSH Key Fingerprint for Supported Programs

As a routine security measure, we will be replacing our SSH host keys used to secure all login servers for our Agate and Mesabi/Mangi clusters on June 7, 2023. This change will affect most of our users, but only impacts SSH connections (including ssh, scp, and sftp) to MSI's login servers (msi.umn.edu, mesabi.msi.umn.edu, mangi.msi.umn.edu, and agate.msi.umn.edu).

Current Host Fingerprints (good thru June 6, 2023)

Mesabi (Key Before June Maintenance):

Key Type Hash Type Hash
RSA SHA256 wk1tznpw3DMPOKHVJ9jvPSt0izD0q+u99A2jeHlsT6c
MD5 9a:d4:97:38:29:8c:7e:b5:f4:7a:63:37:3b:0b:6c:4c

 

Mangi (Key Before June Maintenance):

Key Type Hash Type Hash
RSA SHA256 jOjRQrC6C2JIvVOuRXpXVzJ+R+dAWQQyGF31h9gosVY
MD5 6e:9e:5f:26:9c:8e:0a:19:3b:95:a6:3d:b1:29:a1:e7

 

Agate (Key Before June Maintenance):

Key Type Hash Type Hash
RSA SHA256 RsyQZCcnrDhh4nCEvHiLn+mNKSxN0e72oiO9ZawL41c
MD5 c1:6b:9e:b6:6b:8d:63:ed:f4:97:8b:83:5a:5d:6a:e4

 

New Host Fingerprints (needed starting June 7, 2023)

Agate, Mesabi, Mangi (all login hosts share the same key):

Key Type Hash Type Hash
RSA SHA512 OZfbPtOeVN2v94zzg9IA+asAWcqGVMmtuxvRudZNM5i4Lv15mfB0/7AYdEz+OLirDePVrgBgrlb0sH3P1hE6Pg
SHA256 F3N2lTEMMJSpgTQG/R2nF/jMfczHSClT60j1bvLjpE4
MD5 cb:f6:cc:8f:63:76:b9:d0:0e:e2:f6:ae:6a:87:20:ba

 

 

This guide provides instructions on how to repair a change of SSH key fingerprint for the following programs on macOS and Windows operating systems. In each case, we present two options for changing the fingerprints:

  • Option 1 will involve trying to connect after the change takes place, and a response to that error message you receive to update the information automatically - in all cases, make sure that fingerprints match the new ones listed above.

  • Option 2 in each case will be for those who prefere to update their information manually, with a text editor, and can be done ahead of time.

Windows Operating System:

  1. Command Prompt
  2. PuTTY
  3. WinSCP
  4. MobaXterm
  5. FileZilla

macOS Operating System:

  1. Terminal ( follow instructions below under Windows OS Command Prompt )

Note:

Before proceeding with the instructions, ensure that you have the correct SSH key. The new key can be found at the top of the page.

The appropriate hostnames are:

agate.msi.umn.edu

mesabi.msi.umn.edu

mangi.msi.umn.edu

login-test.devops.stratus.msi.umn.edu - this host is only for demonstration purposes, and should be replaced with one of the appropriate hostnames

Windows Operating System:

Command Prompt:

  • Option 1: Using Command Prompt
    • Open Command Prompt.
    • Type the following command, replacing "hostname" with the appropriate hostname in the note above : ssh-keygen -R hostname.
    • Press Enter to execute the command.

    Video Demo:

  • Option 2: Editing Known Hosts File
    • Open File Explorer.
    • Navigate to the .ssh directory. An example path is C:\Users\YourUsername\.ssh\known_hosts.
    • Open a text editor, such as Notepad.
    • Remove the offending line containing the incorrect SSH key fingerprint.
    • Save the file.

PuTTY:

  • Option 1: Updating Key via PuTTY
    • When connecting via PuTTY, you will receive an alert indicating a different fingerprint.
    • Check the reference web page for the new SSH key fingerprint.
    • If the fingerprints match, click "OK" to continue. PuTTY will update the key for you.

    Video Demo:

  • Option 2: Editing Registry Entry
    • Open the Windows Registry program.
    • Navigate to the following path: Computer\HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostKeys.
    • Delete the entry for the offending host.

WinSCP:

  • Option 1: Updating Key via WinSCP
    • When connecting via WinSCP, you will receive an alert indicating a different fingerprint.
    • Check the reference web page for the new SSH key fingerprint.
    • If the fingerprints match, click "OK" to continue. WinSCP will update the key for you.

    Video Demo:

  • Option 2: Editing Registry Entry
    • Open the Windows Registry program.
    • Navigate to the following path: Computer\HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SshHostKeys.
    • Delete the entry for the offending host.

MobaXterm:

  • Option 1: Updating Key via MobaXterm
    • When connecting via MobaXterm, you will receive an alert indicating a different fingerprint.
    • Check the reference web page for the new SSH key fingerprint.
    • If the fingerprints match, click "OK" to continue. MobaXterm will update the key for you.

    Video Demo:

  • Option 2: Editing Configuration Directory
    • Open the File Explorer program.
    • Navigate to the following path: C:\Users\YourUsername\AppData\Roaming\MobaXterm.
    • Delete the contents of the directory.

FileZilla:

  • Option 1: Updating Key via FileZilla
    • When connecting via FileZilla, you will receive an alert indicating a different fingerprint.
    • Check the reference web page for the new SSH key fingerprint.
    • If the fingerprints match, click "OK" to continue. FileZilla will update the key for you.

    Video Demo:

  • Option 2: Editing Configuration Files
    • Open the File Explorer program.
    • Navigate to the following path: C:\Users\YourUsername\AppData\Roaming\FileZilla.
    • Locate the file named sitemanager.xml.
    • Open sitemanager.xml with a text editor, such as Notepad.
    • Search for the entry corresponding to the offending host.
    • Delete the entire entry for the host, including the tags surrounding it.
    • Save the sitemanager.xml file.

Additionally, for FileZilla you need to delete the host entry within PuTTY's Windows Registry location:

  1. Open the Windows Registry program.
  2. Navigate to the following path: Computer\HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostKeys.
  3. Delete the entry for the offending host.

If you have questions or need assistance please contact the helpdesk.