Warning remote host identification has changed ssh linux

Исправляем ошибку: warning: remote host identification has changed!

Данная ошибка может появляться при попытке подключения к другому компьютеру через ssh и sftp протоколы.

Описание ошибки

Полностью она выглядит так:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:5VLqurxCsGZoX78FWhcaEQkHwAtq+Xzp1tBfOxKQQzE.
Please contact your system administrator.
Add correct host key in /home/ajiekceu4/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/ajiekceu4/.ssh/known_hosts:5
remove with:
ssh-keygen -f «/home/ajiekceu4/.ssh/known_hosts» -R sysadmin.ru
ECDSA host key for sysadmin.ru has changed and you have requested strict checking.
Host key verification failed.

Причина возникновения ошибки

Как видно из описания, данная ошибка может появляться в том случае, когда на устройстве, к которому вы пытаетесь подключиться, изменился ключ и он не совпадает с тем ключом, который вы уже получали ранее, когда осуществляли подключение к этому устройству в предыдущие разы. Причины могут быть разные:

• Был изменен сертификат на устройстве и соответственно поменялся ECDSA ключ (из соображений безопасности, например);
• Переустановлена ОС на устройстве и соответственно изменился сертификат;
• Кто то пытается вас обмануть;

Как ее исправить

Если вы точно знаете, что сертификат на удаленном устройстве, к которому вы пытаетесь подключиться изменился и это не попытка вас обмануть со стороны заинтересованных лиц, то исправить эту ошибку очень просто. Необходимо просто удалить текущий ключ для данного домена (в нашем примере sysadmin.ru), сделать это можно командой, которая описана в самом тексте ошибки:

В случае успеха, вывод команды должен быть примерно таким:

После этого, необходимо еще раз попытаться подключиться к удаленному хосту и подтвердить установку нового ключа, написав «yes»

Источник

Warning: Remote Host Identification Has Changed error and solution

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for ras.mydomain.com has changed and you have requested strict checking.
Host key verification failed.

How do I get rid of this message?

If you have reinstalled Linux or UNIX server with OpenSSH, you will get the above error from client computer as follows:

Fig.01: “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED” error

Solution #1: Remove keys using ssh-keygen

Use the -R option to removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts. If your remote hostname is server.example.com, enter:
$ ssh-keygen -R < server.name.com >
$ ssh-keygen -R < ssh.server.ip.address >
ssh-keygen -R < ssh.server.ip.address >-f < /path/to/known_hosts >
$ ssh-keygen -R server.example.com
Sample output:

Now, you can connect to the host without a problem.

Solution #2: Add correct host key in /home/user/.ssh/known_hosts

It is not necessary to delete the entire known_hosts file, just the offending line in that file. For example if you have 3 server as follows.
myserver1.com,64.2.5.111 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA11FV0EnGahT2EK8qElocjuHTsu1jaCfxkyIgBTlxlrOIRchb2pw8IzJLOs2bcuYYfa8nSXGEcWyaFD1ifUjfHelj94AAAAB3NzaC1yc2EAAAABIwAAAIEA11FV0E
nGahT2EK8qElocjuHTsu1jaCfxkyIgBTlxlrOIRchb2pw8IzJLOs2bcuYYfa8nSXGEcWyaFD1ifUjfHelj94H+uv304/ZDz6xZb9ZWsdm+264qReImZzruAKxnwTo4dcHkgKXKHeefnBKyEvvp/2ExMV9WT5DVe1viVwk=
myserver2.com,125.1.12.5 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtDiERucsZzJGx/1kUNIOYhJbczbZHN2Z1gCnTjvO/0mO2R6KiQUP4hOdLppIUc9GNvlp1kGc3w7B9tREH6kghXFiBjrIn6VzUO4uwrnsMbnAnscD5EktgI7fG4ZcNUP 5+J7sa3o+rtmOuiFxCA690DXUJ8nX8yDHaJfzMUTKTGxQz4M/H2P8L2R//qLj5s3ofzNmgSM9lSEhZL/IyI4NxHhhpltYZKW/Qz4M/H2P8L2R//qLj5s3ofzNmgSM9lSEhZL/M7L0vKeTObue1SgAsXADtK3162a/Z6MGnAazIviHBldxtGrFwvEnk82+GznkO3IBZt5vOK2heBnqQBfw=
myserver3.com,125.2.1.15 ssh-rsa
5+J7sa3o+rtmOuiFxCA690DXUJ8nX8yDHaJfzMUTKTGx0lVkphVsvYD5hJzm0eKHv+oUXRT9v+QMIL+um/IyI4NxHhhpltYZKW
as3533dka//sd33433////44632Z6MGnAazIviHBldxtGrFwvEnk82/Qz4M/H2P8L2R//qLj5s3ofzNmgSM9lSEhZL/M7L0vKeTObue1SgAsXADtK3162a/Z6MGnAazIviHBldxtGrFwvEnk82+GznkO3IBZt5vOK2heBnqQBfw==
To delete 2nd server (myserver.com), open file:
# vi +2 .ssh/known_hosts
And hit dd command to delete line. Save and close the file. Or use following
$ vi

/.ssh/known_hosts
Now go to line # 2, type the following command
:2
Now delete line with dd and exit:
dd
:wq

Or you can use the sed command as follows to delete offending key at line # 44:
$ sed -i 44d

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

Solution 3: Just delete the known_hosts file If you have only one ssh server

$ cd
$ rm .ssh/known_hosts
$ ssh ras.mydomain.com

Try connecting with ssh again

Now you should be able to connect your server via ssh:
ssh username@server-ip-here
ssh nixcraft@server1.cyberciti.biz
Next, you will get a fresh prompt to add key to

/.ssh/known_hosts as follows:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via

Источник

Warning remote host identification has changed ssh linux

Last updated on: 2018-06-14

Authored by: Rackspace Support

The first time you try to connect to a newly-rebuilt Cloud Server, you might receive a message similar to the following one:

Although the message might be alarming, there is no attack occurring. The RSA key on your Cloud Server was changed when you rebuilt it, and your SSH client is warning you that the discrepancy might be the fault of an attacker.

Important: If you see this message at any other time, you should not enter your credentials and should investigate further.

To prevent the message from occurring again, reset the known host key.

Review the following lines of information in your SSH file:

The first line provides the file name and the line number of the old key.

Use one of the following methods to change to the new RSA host key:

Open the .ssh/known_hosts file in your text editor and delete line 15.

Run the following Linux command, replacing the IP and path name as appropriate.

The next time you attempt to log in, SSH should tell you that the host key is unknown and ask if you want to connect and save the new key.

For more information about the SSH key and its security implications, see this article about checking the SSH key via the web console.

Share this information:

©2020 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

Источник

How to fix: «WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED» on Mac and Linux

SSH, or Secure Shell, is a very common way to securely access remote machines, typically via the command line. It aims at ensuring that your connection, and therefore all data passed, is free from eavesdropping. Because of this, there are quite a few checks built-in to the popular SSH clients, like OpenSSH, that ensure your connection can’t be compromised.

An example of one of these checks is the following, which identifies when the fingerprint of a server has changed:

When you connect to a server via SSH, it gets a fingerprint for the ECDSA key, which it then saves to your home directory under

/.ssh/known_hosts . This is done after first connecting to the server, and will prompt you with a message like this:

If you enter ‘yes’, then the fingerprint is saved to the known_hosts file, which SSH then consults every time you connect to that server.

But what happens if a server’s ECDSA key has changed since you last connected to it? This is alarming because it could actually mean that you’re connecting to a different server without knowing it. If this new server is malicious then it would be able to view all data sent to and from your connection, which could be used by whoever set up the server. This is called a man-in-the-middle attack. This scenario is exactly what the «WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!» message is trying to warn you about.

Of course, this isn’t always the case, and there are many reasons for the ECDSA key fingerprint to change for a server. In my case, I had an elastic IP address on AWS and assigned it to a different server after redeploying our application. The IP address and hostname I was connecting to were the same, but the underlying server was different, which is what tripped the SSH client to issue this warning.

Fixing the Issue

If you are 100% sure that this was expected behavior and that there is no potential security issue, you’ll need to fix the issue before continuing.

The easiest ways I’ve found to fix this problem is the following two solutions.

Manually Resolve via known_hosts

• In the warning message find the line that tells you where the offending ECDSA key is located in the known_hosts file. In my example this line said «Offending ECDSA key in /Users/scott/.ssh/known_hosts:47», which refers to line 47.
• Open the known_hosts file specified in the warning message
• Delete the line specified in the warning message

By deleting this line, your SSH client won’t have an ECDSA key fingerprint to compare to, and thus will ask you again to verify the authenticity of the server the next time you connect. Once done, you’ll have a new fingerprint in our known_hosts file for this server, and the warning will be gone.

Resolve Using ssh-keygen

Another solution would be to use the ssh-keygen utility to delete the offending key from your known_hosts file, which can be done with the following command:

Источник

Fix “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED” Error In Linux

Today, I tried to SSH into my remote Ubuntu 20.04 LTS server and encountered with this message — WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! .

Sample output:

This is actually not an error message. It is just a security notification that indicates the ECDSA host key for the given remote system has changed since you last connected. As you might already know, when we access a remote system for the first time from a local system via SSH, a fingerprint for the ECDSA key sent by that remote host is cached and stored in $HOME/.ssh/known_hosts file in our local system.

When the identity (fingerprint) has changed after you reinstalled the remote system or assigned a same IP address for multiple remote systems, the above warning message shows up.

Fix «WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED» Error In Linux

To fix this issue, simply remove the cached key for the IP address on the local system using command:

Sample output:

You can also explicitly specify the path of the known_hosts file with -f flag like below.

The above command will delete all keys belonging to remote host from the known_hosts file of the local system. And also the old contents of the known_hosts file will be retained in a file named «known_hosts.old».

If you use different SSH port, you need to explicitly mention it like below:

Here, 1234 is the SSH port number. Replace it with your actual SSH port number.

After removing the keys, try again to SSH into the remote system using command:

Type «yes» and hit ENTER to add the remote host key in your local system:

Now you can able to access the remote system via SSH.

Источник