I have set up ssh key pairs between my desktop and two servers, and from the servers to my desktop, but after reinstalling the OS on my desktop, I can't re-establish the key-pair going into my desktop by this:
mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t
ssh-copy-id username@server
I get the following error:
(names in italics changed to protect the innocent. My desktop is Ubuntu, and I can't find the answer here)
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ab:cd:ef:gh
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for user.server has changed and you have requested strict checking.
Host key verification failed.
To fix this error, we need to delete the offending key from the “known_hosts” file present in our system in the “.ssh” directory. The error gives you the remote server's IP address and the line number on which the key is stored in the “known_hosts” file.
This error occurs when the target server you are trying to SSH into has been rebuilt or had its RSA key changed since the last time you connected to it.
You need to create a ~/.ssh/config file and disable strict host key checking by adding the content. This will disable host checking for all hosts you connect to. Rather than disabling host check for all Host “*”, it would be safer to specify a particular host.
ssh-keygen -R hostname
This deletes the offending key from the known_hosts.
The man page entry reads:
-R hostname
Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts (see the -H option above).
Most likely, the remote host ip or ip_alias is not in the ~/.ssh/known_hosts file. You can use the following command to add the host name to known_hosts file.
$ ssh-keyscan -H -t rsa ip_or_ipalias >> ~/.ssh/known_hosts
Also, I have generated the following script to check if the particular ip or ipalias is in the known_hosts file.
#!/bin/bash
#Jason Xiong: Dec 2013
# The ip or ipalias stored in known_hosts file is hashed and
# is not human readable. This script checks if the supplied ip
# or ipalias exists in ~/.ssh/known_hosts file
if [[ $# != 2 ]]; then
    echo "Usage: ./search_known_hosts -i ip_or_ipalias"
    exit 1
fi
ip_or_alias=$2
known_host_file=/home/user/.ssh/known_hosts
entry=0
while read -r line; do
    # Count every line, blank ones included, so entry# is the line number
    entry=$((entry + 1))
    if [[ -z "$line" ]]; then
        continue
    fi
    # A hashed entry starts with |1|salt|hash, so split the line on "|"
    hash_type=$(echo "$line" | sed -e 's/|/ /g' | awk '{print $1}')
    key=$(echo "$line" | sed -e 's/|/ /g' | awk '{print $2}')
    stored_value=$(echo "$line" | sed -e 's/|/ /g' | awk '{print $3}')
    if [[ $hash_type = 1 ]]; then
        # The salt is the HMAC key; openssl wants it as hex
        hex_key=$(echo "$key" | base64 -d | xxd -p)
        # Take the last field of the openssl output, because the
        # "(stdin)= " prefix differs between OpenSSL versions
        gen_value=$(echo -n "$ip_or_alias" | openssl sha1 -mac HMAC \
            -macopt hexkey:"$hex_key" | awk '{print $NF}' | xxd -r -p | base64)
        if [[ $gen_value = "$stored_value" ]]; then
            echo "$gen_value"
            echo "Found match in known_hosts file : entry#$entry !!!!"
        fi
    else
        echo "unknown hash_type"
    fi
done < "$known_host_file"
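Before removing the offending entry, it is worth confirming that the stored key is really the outdated one and that the new key is the one you expect. The following is an added example, not code from any of the posts above: it finds the known_hosts entries for a host (hashed or plain) and compares each stored key's fingerprint with one obtained over a trusted channel. The function names, sample hosts, salt and key blobs are constructed for illustration, and plain entries are matched by exact name only (no wildcards or [host]:port forms).

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Build a hashed host field, |1|salt|HMAC-SHA1(salt, host), as ssh-keygen -H does."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (hashed or comma-separated plain) names host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def fingerprints(key_b64):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a base64 public key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def check_host(known_hosts_text, host, trusted_fp):
    """List (line number, key type, verdict) for every entry that names host."""
    found = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank lines, comments, @cert-authority/@revoked markers
        if host_matches(fields[0], host):
            verdict = "current" if trusted_fp in fingerprints(fields[2]) else "stale"
            found.append((lineno, fields[1], verdict))
    return found

# Constructed sample data: the blobs are placeholder bytes, not real host keys.
OLD_KEY = base64.b64encode(b"constructed old host key blob").decode()
NEW_KEY = base64.b64encode(b"constructed new host key blob").decode()
SAMPLE = "\n".join([
    hash_host("user.server", b"constructed-salt-xyz") + " ssh-rsa " + OLD_KEY,
    "other.example,192.0.2.10 ssh-rsa " + NEW_KEY,
])
# Assumption: this fingerprint was read on the rebuilt machine's own console.
TRUSTED_FP = fingerprints(NEW_KEY)[1]

if __name__ == "__main__":
    for lineno, key_type, verdict in check_host(SAMPLE, "user.server", TRUSTED_FP):
        print("known_hosts:%d %s entry is %s" % (lineno, key_type, verdict))
```

An entry reported as stale is the one `ssh-keygen -R hostname` removes; the fingerprint ssh shows on the next connection should then equal the trusted one before you accept it.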