Technical Staff Blog

Last update on .

We are aware of a problem with the SSH gateway where X11 forwarded connections are failing with a notice regarding an "unknown RSA Host Key".  As we are working on discovering the root of this problem a workaround, when X11 sessions are not needed,  seems to be to disable x11 forwarding for that instance of an ssh connection.  *Note: x11 forwarding is enabled by default.

To temporarily dissable x11 forwarding run:

ssh <uid> -x

We apologize for the incovenience that this has undoubtedly caused.  A more elegant solution/fix will be pushed out as soon as possible, which will accompany an update to this blog post. Please check back later, for more information.

UPDATE @ 17:12: We don't think it's quite that simple. When our desktops were upgraded to Debian jessie, they appear to have added "ECDSA" and "ED25519" type host keys by default. Prior to upgrading our SSH gateways to jessie, this was not a problem because the source machines didn't have these types of keys and they were simply ignored. When the SSH gateways were upgraded, they started being used. For now, we've disabled these keys on our SSH gateways, which should return us to the previous mode of operation where they didn't exist. Meanwhile, we will work on distributed the appropriate key pairs which should permit us to support these newer key types.