Mac os warning remote host identification has changed

Как решить на MacOS «REMOTE HOST IDENTIFICATION HAS CHANGED»

Однажды перенес IP адрес на другой сервер и после подключения к нему по SSH из MacOS увидел предупреждение и соответственно подключиться не удалось:

@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:XXXXXXXXX.
Please contact your system administrator.
Add correct host key in /Users/ixnfo/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/ixnfo/.ssh/known_hosts:9
ECDSA host key for [192.168.2.2]:22 has changed and you have requested strict checking.
Host key verification failed.

Проблема возникает из-за того что ранее по данному IP адресу я подключался к одному серверу и в файл known_hosts сохранился ключ, а сейчас это другой сервер с другим ключом.

Если это ваших рук дело и чтобы решить проблему, запустим «Terminal» и откроем файл known_hosts, например в текстовом редакторе nano:

После этого удалим строку с ключом для этого IP адреса.
И при следующем подключении к серверу уже запишется новый ключ.

В редакторе nano находясь на нужно строке удалим ее нажав CTRL+K, потом нажмем Ctrl+X для выхода и «y» или «n» для сохранения или отмены изменений.
Сохранить изменения можно также клавишами Ctrl+O.

Если вы не делали никаких изменений на сервере и видите это предупреждение, то вероятно вы подключаетесь не к своему серверу.

Источник

How to fix the warning: remote host identification has changed! error

Whether you’re connecting with an SFTP client or SSH via the terminal, a common error that comes along is the “warning: remote host identification has changed!” This prevents you from connecting to your website or server. This happens to me now and then, and it’s very annoying, as I’m usually in a hurry to fix something. This error brings me to a halt.

Below I’ll walk you through a few quick and easy ways to resolve the error and get connected again.

What is the “warning: remote host identification has changed!” error?

The error below typically occurs when your SSH keys or server’s connection information has changed. For example, if you recently migrated your website to a new hosting provider, your IP address would be different.

The connection information (IP address and credentials) on your Mac is stored in your known_hosts file. On Windows, it’s stored in the registry. When you use an SFTP client (my favorite is ForkLift) or SSH client (PuTTY), it uses the information to connect to the webserver.

How to fix your known_hosts file on Mac

There are a couple of ways to go about fixing your known_hosts file on a Mac. I prefer using an app, as it’s quick and easy. I never have to remember terminal commands. But I’ll walk you through both methods.

Option 1: Fix known_hosts file with an app (easiest method)

An awesome app called SSH Config Editor lets you manage your SSH client configuration file and other settings. There is a pro version, and I always recommend supporting developers when you can. If you’re on a tight budget, the free version is enough to manage your known_hosts file. Follow the steps below.

Step 1

Install the free SSH Config Editor app.

Step 2

Open SSH Config Editor and click on “File → Open Known Hosts.”

Open known_hosts file

Step 3

Find and highlight the entry that is having the issue. If you aren’t sure which one to choose, you should look up your old and current IP address. If you’re hosting with a provider like Kinsta, this is called your “Site IP address” and can be found in your MyKinsta dashboard.

Then click the trash can icon to delete the entry. Another option would be to remove all the entries.

Delete known_hosts entry

Step 4

Click “Remove” on the following prompt:

Do you want to remove “[xx.xxx.xx.xxx]:xxxxxx” from known hosts?

Step 5

Close the window and click “Save” on the following prompt:

Do you want to save the changes made to the document “known hosts”?

You should now be able to connect to your website and or server again.

You probably won’t need the SSH Config Editor app that often, so I don’t recommend pinning it to your dock. Just leave it installed for the occasions when you do get the connection error.

Option 2: Fix known_hosts file from the terminal

The second option is to clean up the entry from your known_hosts file using the terminal. Follow the steps below.

Step 1

Open the Terminal app. The quickest way is to launch Spotlight and search for “terminal.” Or you can find it under “Utilities → Terminal.”

Step 2

Paste the following command.

Step 3

Remove the entry that is having the issue. If you aren’t sure which one to choose, look up your old and current IP address. Another option would be to remove all the entries.

Step 4

Type Ctrl + X ( ^X ) to exit and select Y for yes when prompted if you want to save the modified buffer.

Terminal nano editor

You should now be able to connect to your website and or server again.

Alternatively, you could delete your entire known_hosts file and let it repopulate. Enter the following command in the terminal.

How to fix your known_hosts file on Windows

Before switching from Windows to Mac, I actually never encountered this error. But I’m documenting the following for you just in case. On Windows, they don’t have a known_hosts file, the information (IP address and credentials) is stored in the registry. Follow the steps below.

Step 1

Open your start menu and search “regedit.” Click “Enter.”

Step 2

Browse to the following registry folder:

Registry Editor SshHostKeys

Step 3

Within the “SshHostKeys” folder, remove the entry that is having the issue. If you aren’t sure which one to choose, look up your old and current IP address. Another option would simply be to remove all the entries.

Click “Yes” when you get the following prompt:

Deleting certain registry values could cause system instability. Are you sure you want to permanently delete this value?

Close the Registry Editor. You should now be able to connect to your website and or server again.

Summary

It’s always annoying to run across errors like these. You would think by now they would have easier ways built into the operating systems to resolve them. For now, we’ll have to resort to our step by step troubleshooting processes.

Hopefully, now you have connected again and are back at work! If this was helpful or you had a problem, leave a comment below.

Brian Jackson

I craft actionable content and develop performance-driven WordPress plugins. Connect on Twitter or subscribe to my newsletter (twice a month, no spam).

Источник

Исправляем ошибку: warning: remote host identification has changed!

Данная ошибка может появляться при попытке подключения к другому компьютеру через ssh и sftp протоколы.

Описание ошибки

Полностью она выглядит так:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:5VLqurxCsGZoX78FWhcaEQkHwAtq+Xzp1tBfOxKQQzE.
Please contact your system administrator.
Add correct host key in /home/ajiekceu4/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/ajiekceu4/.ssh/known_hosts:5
remove with:
ssh-keygen -f «/home/ajiekceu4/.ssh/known_hosts» -R sysadmin.ru
ECDSA host key for sysadmin.ru has changed and you have requested strict checking.
Host key verification failed.

Причина возникновения ошибки

Как видно из описания, данная ошибка может появляться в том случае, когда на устройстве, к которому вы пытаетесь подключиться, изменился ключ и он не совпадает с тем ключом, который вы уже получали ранее, когда осуществляли подключение к этому устройству в предыдущие разы. Причины могут быть разные:

• Был изменен сертификат на устройстве и соответственно поменялся ECDSA ключ (из соображений безопасности, например);
• Переустановлена ОС на устройстве и соответственно изменился сертификат;
• Кто то пытается вас обмануть;

Как ее исправить

Если вы точно знаете, что сертификат на удаленном устройстве, к которому вы пытаетесь подключиться изменился и это не попытка вас обмануть со стороны заинтересованных лиц, то исправить эту ошибку очень просто. Необходимо просто удалить текущий ключ для данного домена (в нашем примере sysadmin.ru), сделать это можно командой, которая описана в самом тексте ошибки:

В случае успеха, вывод команды должен быть примерно таким:

После этого, необходимо еще раз попытаться подключиться к удаленному хосту и подтвердить установку нового ключа, написав «yes»

Источник

Mac OS X Remove SSH Known Host

But I’m getting an error which read as follows:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /Users/user/.ssh/known_hosts to get rid of this message.
Offending key in /Users/user/.ssh/known_hosts:1
RSA host key for server1.example.com has changed and you have requested strict checking.
Host key verification failed.

How do I fix this problem under Mac OX X?

You need to run the following command to get rid of this problem. Open the terminal application and then type the following command on your macOS Unix system:

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

Fig.01: Removing /Users/user/.ssh/known_hosts file

/.ssh/known_hosts file which contains a list of host keys for all hosts the user has logged into that are not already in the systemwide list of known host keys.

Test it

Now you can connect to remote host with ssh or sftp or scp command:

Use -p Port to connect to on the remote host using given Port. This can be specified on a per-host basis in the configuration file such as

Getting help

The ssh-keygen command generates, manages and converts authentication keys for ssh. The ssh-keygen can create keys for use by SSH protocol version 2 and do other stuff for use. Hence, read the man page by typing the following commands:
man ssh-keygen
man ssh
man sshd

🐧 Get the latest tutorials on Linux, Open Source & DevOps via

Источник

Mac os warning remote host identification has changed

I’m a total noob at this, just brought a raspberry pi and i’m trying to set it up headless using a good old macbook pro and some of the tutorials out there. I dont know much about programing, but I try to make a VPN out of that raspberry, using those:

— raspberry 2 model b
— micro sd card class 10 8go
— raspbian
the raspberry is connected via ethernet cable to my router

on the 1st install i’ve lost it, wasnt focussed enough and things got out of hands, nothing on that really simple step by step tuto was working so I’ve decided to start again, I’ve formated my SD card using sdformater and installed raspbian using pi filler again.
now trying to connect to it via it’s IP using Terminal, and here’s what I get:

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CH

You need to clear the SSH key and generate a new one. Your Mac remember the SSH key generated by the previous installation you had running on the Pi. Now you reinstalled everything, when the Mac is asked to connect to the Pi, it sees it as a different machine with a different SSH Key, which does not match the one it remembers for the IP address you are using.

On the Mac you need to :

To delete the key.

Then run the normal SSH command to connect and it will generate a new key pair automatically.

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CH

You needn’t hide 192.168 addresses. They are private and the internet can’t get there. The chances are that the identical address is used millions of times across the planet.

My main Pi is at 192.168.1.254
I also have one at 192.168.1.253
and 192.168.1.252
and numerous others. Feel free to try and access them.

More recent versions of ssh will give you the cure when it gives the warning, I had it with Ubuntu when I swapped IP addresses on 2 of my Pis.

It helpfully suggested : ssh-keygen -f «/home/sv/.ssh/known_hosts» -R 192.168.1.254

Thats dependent on the path being correct and the Ip address. It doesn’t kill off the whole known_hosts file, just the offending entry. If you’re really keen you can edit the known_hosts file by hand.

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CH

Languages using left-hand whitespace for syntax are ridiculous

DMs sent on Twitter/LinkedIn will be answered next month.
Fake doctors — are all on my foes list.

The use of crystal balls and mind reading is prohibited.

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CH

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CH

Brilliant, thanks guys.

problem solved by that key removal line.

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CH

Because I frequently use a variety of different SD cards with my RPi B & a DHCP reservation for it based on its hardware MAC address, I kept running into the ‘remote host ID has changed’ warning whenever I changed cards & tried to access it from my Mac with ssh.

Clearing the SSH key for that MAC address in

/.ssh/known_hosts on the Mac every time I changed cards would have been annoying so I decided to do (I think) what the warning text suggested by adding a ‘correct’ host key to that file for each SD card I use.

There are different ways to do this but the simplest one I found was as follows:

1. On the Mac, navigate to the

/.ssh/ folder in Finder. Because files & folders starting with a dot are normally hidden, do this by using the Finder’s Go > Go to folder. option (shortcut: Shift + Command + G) & entering «

/.ssh/» (without the quotes) & clicking the «Go» button.

2. Right-click on the known_hosts file in the Finder window & choose «Duplicate» from the contextual menu. This will add a file to the folder named «known_hosts copy» that ssh authentication will ignore.

3. Drag the original known_hosts file to the trash.

4. Boot up the RPi with a SD card that previously generated the warning & ssh to it on the Mac. Because now there is no known_host file on the Mac, it will create a new one with just the host key info for that card in it.

5. To be on the safe side at this point I end the ssh connection but that probably isn’t necessary.

6. Open both the known_host and the known_host copy files in a text editor. I use TextWrangler but TextEdit will probably work as well.

7. Copy the (very long) single line entry in known_host & paste it after the last line in known_host copy on a new line. Add a return (may not be necessary) & save the file.

8. Now move known_host to the Trash & rename known_host copy to known_host in the usual way in the Finder.

9. Repeat steps 1 through 8 as often as necessary for each SD card that generates a warning.

Now known_host has host keys for each SD card so there will be no warning & password authentication will work regardless of which card the RPi is using.

Note: I know all this can be done from the command line in Terminal but I find using the Finder & text editor GUI tools more «Mac-like» & less prone to error.

Anybody see anything wrong with this approach?

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CH

Is there any reason this would happen one day and not happen the next?

I’ve seen the error before so I knew what to do to fix it the first time (even though I couldn’t think of any reason for the key to have changed). Then it happened again a week later and I left it alone. A couple of days after that, my login worked just fine.

My desktop and my Pi both have DHCP reservations that haven’t changed in a while.

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CH

It’s pretty easy to solve this.
just type a ‘sudo’ before using the command I had the same problem with kali linux

Hope this works!

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CH

ssh-keygen -R «your server hostname or ip»

Type this in the terminal without quotes and replace with your ip Address

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CH

ctav01 wrote: Is there any reason this would happen one day and not happen the next?

I’ve seen the error before so I knew what to do to fix it the first time (even though I couldn’t think of any reason for the key to have changed). Then it happened again a week later and I left it alone. A couple of days after that, my login worked just fine.

My desktop and my Pi both have DHCP reservations that haven’t changed in a while.

Re: SSH warning — WARNING: REMOTE HOST IDENTIFICATION HAS CHANGE

I try to SSH connect my RPi via the Terminal window on my Mac. I get that annoying message too. So I tried almost everything now, but I can’t get rid of it. I used the ssh-keygen -R command (of course, with the IP address of my RPi). The known hosts file in the /.ssh/ map on my Mac is edited (it removed the key for that IP address). When I try again, I get that same ****** message over and over again. I tried it with my other RPi, no problems. I even tried to SSH from the other RPi to this one, and that works fine.

I even deleted the known hosts file completely (so it can generate a new one). Again, no joy. The other RPi gives no problem again. And I can still reach the affected RPi via the other RPi.

It looks like Terminal is looking somewhere else too to verify the key.

Источник