NERSCPowering Scientific Discovery Since 1974

SSH Key Fingerprints

Occasionally maintenance on NERSC systems results in the SSH host key changing. On the first time you attempt to log in after this, ssh will stop with a warning like:
"WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" (Linux/Mac) or "WARNING - POTENTIAL SECURITY BREACH!" (Windows)

Do not ignore these warnings! 

The correct host key fingerprint for Cori is:

4096 SHA256:35yiNfemgwzHCHFrPGWrJBCCqERqLtOVSrR36s1DaPc

And for Edison:

4096 SHA256:riR+3TGNnPs0uqJxJBbvPU+JR3e/Z0xUzBRsip3ZOJ8

For PDSF:

2048 SHA256:4JGbnhiMkJ5kv1S5+UI5ggTY+Z6DzdEeBQvoFRfN9lw

For Denovo:

2048 SHA256:5O40oTM/81w4tAzW4ICAsFB3yxvBCh9Xow1Ju1ZBfFo

For DTN:

256 SHA256:tIO6fLqc2dHa1o3IGmWA5mtxqOURTlxHm3E6lV9zIGg

 You can replace entries in your ~/.ssh/known_hosts file that begin with "cori" and "edison" with the following entries (Note: there are three single-line entries for cori and edison each):

cori01,cori01-144,cori01-bond0.144,cori01-144.nersc.gov,cori01.nersc.gov,cori01,cori01-224,cori01-224.nersc.gov ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHrT0I4YXv+XGGJ0pS1tTOJ/IGipnHxInutATmZUOluVE1hyqYuXgF/4RNrTebd/sLMMjTUhlgjyW9iUnlWHeOc

cori01,cori01-144,cori01-bond0.144,cori01-144.nersc.gov,cori01.nersc.gov,cori01,cori01-224,cori01-224.nersc.gov ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMqmBQiM9/qZYzJenNzTx3JSGCCke1QGYcNFeJpZAbxk cori01,cori01-144,cori01-bond0.144,cori01-144.nersc.gov,cori01.nersc.gov,cori01,cori01-224,cori01-224.nersc.gov ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsxGw19ZL8EN+NZ9HhD+O/nATuvgZxcEuy/yXnGqz5wMzJj6rK7TsrdU8rdJNrhZDe3yjpCiKvqkbSKp22jK2/iMAeWDQvYpMgC6KyiNd0hztowtMFJEwb8gVmtkVioqIaf9ufJnOO0LX5A5J/4fQhICfbyPiX8SsjX0p655/kIm3T6hr7t89b4IkRu19/uWufbNaV/mZSFWl7asLKXJNTMhzEn6bsTcAqlm55Tp4NvCe1hvv6OY/vU5luDz09UDmnDfr/uukmVm5aIjtlZBGqbOe7huNJGIWhoGCN/SoArRu9T9c9fjOlRMOHcf0QYMQmxFQnR0TkJZQoJ5N+EYNUIB9dvnJs2mlN0ZEuUU0RwAUOge7RwujiZ2AWp/dV/PNvLGmDVUxiyXC0Uuw57Ga2e49hYisYU/J/NPp9AbHqO8M6kZqYdqWKYueIsM3FDti3vUbjV4J6sL6mOBbxuJpUhUEX5UXxGbR39hDVx9Lsj4dszu+mcBFnDNcpRCDjw3z+hDqdNNpzhIRlbHQErLBWL3vnn2MLnb/3z163gyRtu1iTuR5myBIs9jLDAsX94VbBzKWdCFe22x4Eo6HwB6u+UHlXov0fnBXtAmgwRegc1gQwxi2FXB/ty0q1EO+PYo3fjUVRRb4uqBBIvpFarwtL0T6iYAYgHY11vH9Z2BFAHQ== edison01,edison01-eth4,edison01-eth4.nersc.gov,edison01.nersc.gov,edison01,edison01-eth5,edison01-eth5.nersc.gov,edison01-bond1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQPHTSKic9gj6kyhfSkBWZdMgnESIQVI0vg7eNIkshb+pXGGGxWQXrIX3IL1W9bvwrjGNc2JAd9c5Y1CfV0B6sKHDm70pPTnZ3bkvWwq81bloepzJHWE9NpNd7xIlVaM7sh7fMURD5/e7E46qldrpBBtudJG9ZgmjxdmDSlWBTp6scDqehBZ+yaRg0N7zoEA86synBi/0DEDzqarHlvXwXS5mWBGnlC3ZI5Uz/QHD4K26y86SeKYf2EKUI0am+gcPRbUHjDLyThK+qFGveRe9G41eEw40hxmO/yooYgCjCEKVbfU4Po2uR6qb/p/cpeMLOyZ3itrZce6WMgQxw+8g9MPKWuCKH7SJnJ/70YQyLuSlc98mr3AE6fjcZZy8Uf4ckH49qXTH4ILYPEzqLzI86eM+tJltayUWV9aQVAG6lBn14DyCvAyAfts+RCE8JkGJzcUSu7UILiIrqEyOpMOrZ/z2wM7mYJlAVBbrjT0LO6hXh/ET/npo7mMhotjtptXk9qg7DLUfL647OZvWjxQxZlE6jtpHilOaCcXpY3pXUZTtza7kv3pRbnPmzWU0iKKLmqsjtAT773SIvJ/78MwwqIF4pEBiPx7Ixmf+rHwpQV/P6ADBadpTfx28297ZjzvQZ+gTscBWULxeUFNfZtm+jmpsMGPNJTXAAlyVW13zO9w==
edison01,edison01-eth4,edison01-eth4.nersc.gov,edison01.nersc.gov,edison01,edison01-eth5,edison01-eth5.nersc.gov,edison01-bond1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIBkhL5olHJD8AfAnxxOb7IdXqjPdjLlsSTgKnHQnb2qIYnpfkhuRjjrW9KcySIeVyq8awOWSuNYrDirXKs9q7w
edison01,edison01-eth4,edison01-eth4.nersc.gov,edison01.nersc.gov,edison01,edison01-eth5,edison01-eth5.nersc.gov,edison01-bond1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJMEpNzjkGplBVoPPjNwV+9Bay0UyyhaTYRpB6oQ0pM

 If your ssh client reports Cori and Edison fingerprints in "3d:28:24"..etc" format then it is using md5 rather than sha256 to report the fingerprint. Consider updating to a newer ssh client, or to see the fingerprint in the sha256 format shown here, add the FingerprintHash=sha256 option to your ssh command, e.g.:

ssh -o FingerprintHash=sha256 -l my_user_name edison.nersc.gov

 If you still see warnings about security breaches after replacing your cached host key with one of the above, please contact consult@nersc.gov