Home / server / Questions / 104316
Accepted
interstar
Asked: 2010-01-20 12:07:02 +0800 CST

ssh "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"

  • 772

I've been using ssh to log-in to a remote server I rent for several years. Last week I got a message from them saying they upgraded my account and server. Now when I go to login, I get this message from ssh

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for mydomain.com has changed,
and the key for the corresponding IP address X.X.X.X
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
XXxXXXXXXX
Please contact your system administrator.
Add correct host key in /home/myaccount/.ssh/known_hosts to get rid of this message.
Offending key in /home/myaccount/.ssh/known_hosts:7
RSA host key for mydomain.com has changed and you have requested strict checking.
Host key verification failed.

Now, I assume that this has been triggered by my host upgrading my server. So I want to trust this site again. But I can't quite see how.

I looked in known_hosts and all there are there are public-keys. But I can't tell which of these comes from the old version of this particular server. Nor do I know how to get a correct key for the host; the previous time I made contact, I think ssh just confirmed with me and automatically saved it. Now it says I've requested strict checking, but I have no idea when I did this or where to reset it.

ssh

3 Answers

  1. Best Answer

    The line:

    Offending key in /home/myaccount/.ssh/known_hosts:7

    indicates that the old key is on line 7 of your known_hosts file. Use your favourite editor to delete line 7. That should make it go away.

    You can also use ssh-keygen -R to remove a entry:

    # ssh-keygen -R hostname -f ~/.ssh/known_hosts

    FYI, those are not public keys but a hashed representation of the hosts.

    You can list the known hosts file with:

    $ ssh-keygen -lv -f ~/.ssh/known_hosts

    It will then display the key and ascii art representation:

    2048 0f:3b:8a:02:75:f1:68:0f:32:8a:7a:0f:ef:69:f8:a0 |1|aa3F96t0nzhqLpt+lJx4msNAGQI=|740B4+NTrQhAx/DWXHf6QLrBpz8= (RSA)
+--[ RSA 2048]----+
|                 |
|  .              |
|   =             |
|o * .            |
|o= o    S        |
|+   .    +       |
|..o.    o .      |
|..++.o . .       |
|E. *B .          |
+-----------------+

    In theory you print this out and keep it in a safe place. When something suspicious happens you have a copy for reference.

    • 10

  2. I'm going to just add that before taking the advice of my esteemed fellow serverfaulties and erasing the line from your known_hosts file, you should talk to customer service at the other end and make sure that they did do something that would have caused this key change.

    • 5

  3. You'll need to edit your /home/myaccount/.ssh/known_hosts file and remove the entry that matches the IP address or hostname of your old server. Afterwards, you should just ssh to your server like you normally do and it will prompt you with a new key and ask if you want to add it. Simply say 'yes' and that's that! :) It shouldn't ask you again unless something has changed.

    Hope that helps.

    EDIT: your known_hosts entry would most likely look something like this

    [hostname or IP address] [keytype, generally ssh-rsa] [key here, i.e. ASDFJAKj3klje35u9086095468kjflADf...]

    • 2