University of Oregon

Changes to on May 2, 2017

On Tuesday, May 2, 2017, at 8am, Information Services staff will be making a change to that will require users to take action.
Specifically, IS staff will be upgrading the SSH RSA host key for from a very old 1024-bit key to a newer 2048-bit key.
If you use, the first time you try to log in after about 8am on May 2, you will probably get a warning from your SSH client about a different host key. For example, the OpenSSH client used on many systems will show a warning like this:
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Before you can log in again, you will need to remove your existing host key for and accept the new one. You can verify that you're receiving the correct new key by confirming that it is using this fingerprint:

Other changes to and

The May 2 maintenance will include some additional changes to and that shouldn't affect modern SSH clients in routine use but that may be of technical interest to advanced users of SSH.
  • Those who wish to ensure that their SSH clients will continue to work with and after the May 2 change can SSH to the host (an alias for which runs an SSH server with the intended configuration changes.
  • The SSH version 1 protocol will no longer be supported due to its cryptographic weaknesses. However, there is also no indication anyone uses this protocol with or anymore.
  • The SSH "arcfour" ciphers (arcfour, arcfour128, arcfour256) will no longer be supported, as the RC4 ("arcfour") encryption algorithm has been found to be cryptographically weak.
  • Similarly the hmac-md5, umac-64, hmac-sha1-96, and hmac-md5-96 MAC algorithms will no longer be supported due to their cryptographic weakness.
  • The SSH-DSS host key for and will no longer be supported by the SSH server because it is limited to 1024 bits in size.
  • The older diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1 key exchange methods will no longer be supported because they use 1024-bit Diffie-Hellman parameters. The diffie-hellman-group-exchange-sha256 and diffie-hellman-group-exchange-sha1 methods will continue to work with Diffie-Hellman parameters of 2048 bits or larger.
  • The SSH servers on and will prefer cryptographically stronger stronger cipher and HMAC settings over weaker ones, so clients will generally negotiate the strongest settings they support. Some weaker ciphers and HMACs (like 3DES and SHA-1) will continue to be supported for compatibility with older clients but may be removed if more critical weaknesses are found.
If you have any questions about these changes, please contact the Technology Service Desk.