SSH host key keeps changing

Tags: ssh, ubuntu

I am trying to set up a web service (using the Play Framework) on an Ubuntu machine on the network. However, I am experiencing intermittent failures connecting to it, not being able to connect to it far more often than not.

One strange symptom is that these network problems affect SSH as well, and in particular the SSH host key of the machine will change, whether I am connecting to it from another Linux machine or from Windows using PuTTY. One sequence of events seems to be something like:

  • After a while, I am able to SSH into the machine again.
  • I access one page on the web server. It works. I try to access another page. It fails.
  • Shortly thereafter, I am kicked off of my SSH connection.
  • I try to SSH in – the connection can't be established.
  • A while later I try to SSH in – the host key has changed. I accept the change and try to log in but I get "Access denied" in response to my password.
  • A while later, I am able to SSH into the machine again.

And just now I accepted the key change, tried to log on, got disconnected before I could finish typing the password, and reconnected only to see that the key has changed again.

What could be causing the SSH host key to change? If this is a normal feature of the SSH server in response to some sort of strange behaviour, what sort of problems does this imply?

Best Answer

This is definitely not normal. Given your symptoms, I think you're experiencing an IP address conflict. There are two machines on your network with the same IP address, and one of them is the server you're trying to reach. Sometimes you're reaching the expected machine and all is well. Sometimes you're reaching another machine which has a different SSH key and your connection is rejected.

When there's an IP address conflict, it's common that a router locks in the route to one IP address until a cache expires, then queries the route again and updates it to match whoever responds first, producing somewhat random results. There's nothing preventing the switchover from happening in the middle of a TCP connection.

Sophisticated routers raise an alert when IP conflicts happen, so your network administrator may already be tracking this. If you're root on your server, you can resolve it by picking an unassigned IP address. If you're getting your IP address through DHCP, contact the DHCP administrator.
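The check a practitioner would run to confirm the answer's diagnosis, as an added example that is not part of the original question or answer: capture ARP replies on the segment (`tcpdump -n -i eth0 arp`) and run `ssh-keyscan` against the address a few times, then see whether more than one MAC address, and more than one SSH host key, answers for the same IP. The capture lines and host-key blobs below are constructed sample data in the shape those tools print; the interface name and addresses are assumptions.

```python
"""Detect an IPv4 address conflict from captured ARP replies and cross-check
it against the SSH host keys seen for the same address.

Added example with constructed sample input; not code from the original post.
"""
import base64
import hashlib
import re
from collections import defaultdict

# `tcpdump -n -i eth0 arp` prints replies as:
#   12:00:01.000000 ARP, Reply 192.168.1.50 is-at aa:bb:cc:dd:ee:01, length 28
ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed capture: two different MACs answer for 192.168.1.50 (the conflict),
# while the gateway 192.168.1.1 is consistently answered by one MAC.
SAMPLE_ARP = [
    "12:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28",
    "12:00:02.000000 ARP, Reply 192.168.1.50 is-at aa:bb:cc:dd:ee:01, length 28",
    "12:00:02.000100 ARP, Reply 192.168.1.50 is-at AA:BB:CC:DD:EE:02, length 28",
    "12:00:03.000000 ARP, Request who-has 192.168.1.50 tell 192.168.1.10, length 28",
    "12:00:04.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28",
]

# Constructed host-key blobs (not real keys) in the base64 column that
# `ssh-keyscan -t ed25519 192.168.1.50` prints after the key type.
KEY_A = base64.b64encode(b"constructed host key blob A").decode()
KEY_B = base64.b64encode(b"constructed host key blob B").decode()
SAMPLE_KEYSCAN = [
    "# 192.168.1.50:22 SSH-2.0-OpenSSH_8.9p1",       # comment line ssh-keyscan emits
    f"192.168.1.50 ssh-ed25519 {KEY_A}",               # first scan: machine 1
    f"192.168.1.50 ssh-ed25519 {KEY_B}",               # later scan: machine 2
    f"192.168.1.50 ssh-ed25519 {KEY_A}",               # later still: machine 1 again
    f"192.168.1.1 ssh-ed25519 {KEY_B}",
]


def arp_claimants(capture_lines):
    """Map each IP seen in an ARP reply to the set of MACs that claimed it."""
    claims = defaultdict(set)
    for line in capture_lines:
        m = ARP_REPLY.search(line)
        if m:
            claims[m.group("ip")].add(m.group("mac").lower())
    return dict(claims)


def arp_conflicts(capture_lines):
    """IPs answered for by more than one MAC: the address-conflict signature."""
    return {ip: macs for ip, macs in arp_claimants(capture_lines).items()
            if len(macs) > 1}


def ssh_fingerprint(pubkey_b64):
    """SHA256 fingerprint of a base64 key blob, in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(pubkey_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def keyscan_fingerprints(keyscan_lines):
    """Map host -> set of host-key fingerprints seen across ssh-keyscan runs."""
    seen = defaultdict(set)
    for line in keyscan_lines:
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        host, _keytype, blob = parts[0], parts[1], parts[2]
        seen[host].add(ssh_fingerprint(blob))
    return dict(seen)


def diagnose(capture_lines, keyscan_lines):
    """Flag an IP when more than one MAC, or more than one host key, answers for it."""
    macs = arp_claimants(capture_lines)
    keys = keyscan_fingerprints(keyscan_lines)
    report = {}
    for ip in set(macs) | set(keys):
        if len(macs.get(ip, ())) > 1 or len(keys.get(ip, ())) > 1:
            report[ip] = {"macs": sorted(macs.get(ip, ())),
                          "host_keys": sorted(keys.get(ip, ()))}
    return report


if __name__ == "__main__":
    for ip, evidence in diagnose(SAMPLE_ARP, SAMPLE_KEYSCAN).items():
        print(f"{ip}: {len(evidence['macs'])} MACs, "
              f"{len(evidence['host_keys'])} host keys -> address conflict likely")
```

Two MACs and two host-key fingerprints for one IP is the pattern the answer describes, and the MAC addresses tell you which two machines to track down (the switch's MAC table or a DHCP lease list maps them to ports or hostnames). One caveat: a deliberate ARP-spoofing attack on the segment produces the same signature, so until the second MAC is identified as an innocent duplicate, do not accept the changed host key when prompted.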
