Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Possible DNS spoofing detected. Remote host identification has changed

Tags:

git

ssh

ssh-keys

I recently changed server and as a consequence, I have a new IP address. When I try to use git fetch [remote repository], I get this:

C:\Users[path]\app>git fetch [remote repository] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @
WARNING: POSSIBLE DNS SPOOFING DETECTED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The RSA host key for example.net has changed, and the key for the corresponding IP address [IP address of new server] is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is SHA256:ep0A2t+sVMSaIEbS8wt8ptfmdHSr1kNocWsBNab0tsI. Please contact your system administrator. Add correct host key in /c/Users/[username]/.ssh/known_hosts to get rid of this message. Offending RSA key in /c/Users/[username]/.ssh/known_hosts:1 RSA host key for example.net has changed and you have requested strict checking. Host key verification failed. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. C:\Users[path]\app>

I simply need to obtain a new SSH key from the new server and put it in my local computer to fix this, correct? Thank you.

like image 834
Jaime Montoya Avatar asked May 31 '18 16:05

Jaime Montoya


People also ask

How do I fix warning remote host identification has changed?

You should delete the key causing the “Warning: Remote host identification has changed” error, then save your changes. You might also want to delete the entire known_hosts file, especially if you only use SSH for one or two sites. To do this, you can run rm . ssh/known_hosts in a Terminal window.

What does it mean by warning remote host identification has changed?

The Warning: remote host identification error typically occurs when the unique fingerprint of your server does not match what was stored in your known_hosts file when you first connected. One common reason this key changes is because you have changed your root password or rebuilt your VPS server.

What causes SSH host key to change?

The user is in fact facing a MITM attack, where through spoofing, a malicious server is pretending to be the server to which the user is usually connecting. The connection is routed to the malicious server instead and as the hostile server's identity is different, this causes an expected SSH host key change warning.


1 Answers

If you actually have a new server and you refer to it with the same name or the same IP of the old one, then it's more than likely that the ssh certificates are not the same and you would get a spoofing warning message for it. in the message you can see that ssh is pointing to the line where the old certificate information is: /c/Users/[username]/.ssh/known_hosts:1. Long story short: If you changed server then it's expected that ssh certificates are not the same. Just remove the line from the ssh known_hosts for the old server (1st line of your file in this case) and you'll be fine.

like image 108
eftshift0 Avatar answered Sep 30 '22 16:09

eftshift0