University of Oregon

Changes to on May 2, 2017

On Tuesday, May 2, 2017, at 8am, Information Services staff made a change to that requires users to take action.
Specifically, IS staff upgraded the SSH RSA host key for from a very old 1024-bit key to a newer 2048-bit key.
If you use, the first time you try to log in after about 8am on May 2, you will probably get a warning from your SSH client about a different host key. For example, the OpenSSH client used on many systems will show a warning like this:
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Before you can log in again, you will need to remove your existing host key for and accept the new one. You can verify that you're receiving the correct new key by confirming that it is using the correct fingerprint, which may be displayed in either of the following two formats:
  • Fingerprint (MD5): 86:98:93:bd:0a:fb:88:88:9e:88:22:02:07:28:c0:fd
  • Fingerprint (SHA256): xYeHawBE1hYimVVfnyS/btxymRsYzQuaveLVbJC1oMA

Other changes to and

The May 2 maintenance included some additional changes to and that shouldn't affect modern SSH clients in routine use but that may be of technical interest to advanced users of SSH.
  • Those who wish to ensure that their SSH clients will continue to work with and after the May 2 change can SSH to the host (an alias for which runs an SSH server with the intended configuration changes.
  • The SSH version 1 protocol is no longer supported due to its cryptographic weaknesses. However, there is also no indication anyone uses this protocol with or anymore.
  • The SSH "arcfour" ciphers (arcfour, arcfour128, arcfour256) are no longer supported, as the RC4 ("arcfour") encryption algorithm has been found to be cryptographically weak.
  • Similarly the hmac-md5, umac-64, hmac-sha1-96, and hmac-md5-96 MAC algorithms are no longer supported due to their cryptographic weakness.
  • The SSH-DSS host key for and are no longer supported by the SSH server because it is limited to 1024 bits in size.
  • The older diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1 key exchange methods are no longer supported because they use 1024-bit Diffie-Hellman parameters. The diffie-hellman-group-exchange-sha256 and diffie-hellman-group-exchange-sha1 methods continue to work with Diffie-Hellman parameters of 2048 bits or larger.
  • The SSH servers on and now prefer cryptographically stronger stronger cipher and HMAC settings over weaker ones, so clients will generally negotiate the strongest settings they support. Some weaker ciphers and HMACs (like 3DES and SHA-1) continue to be supported for compatibility with older clients but may be removed if more critical weaknesses are found.
If you have any questions about these changes, please contact the Technology Service Desk.