Skip to content

Instantly share code, notes, and snippets.

@jpret

jpret/Remote Host Identification Fix.md

Last active August 11, 2021 08:44
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jpret/28907704e7f3d6493625b115976d4a4e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jpret/28907704e7f3d6493625b115976d4a4e to your computer and use it in GitHub Desktop.
Download ZIP
Remote Host Identification Fix
Raw
Remote Host Identification Fix.md

Remote Host Identification Fix

Example warning when a remote ssh server's identification has changed:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
54:80:88:dd:66:86:df:de:0f:9a:db:ad:2e:85:64:49.
Please contact your system administrator.
Add correct host key in /home/cppengineer/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/cppengineer/.ssh/known_hosts:8

This is fixed by removing the old host id from the known hosts file as follows:

1.1 See the last line of the warning for the offending key index:

Offending ECDSA key in /home/cppengineer/.ssh/known_hosts:8

1.2 It might happen that the known_hosts file is hashed and not easily readable. Then use the following command to find the exact line to remove for the specified host:

# Format is:
ssh-keygen -H -F hostname
# Or, if SSH runs on port other than 22
ssh-keygen -H -F '[hostname]:2222'

# Example:
ssh-keygen -H -F 192.168.1.25
# Host 192.168.1.25 found: line 10 type ECDSA
|1|v0sAToYvkd+ ... AIlqmHEQ= ecdsa-sha2-nistp256 AAAAEItbmlz ... pkslysa5Gea99aRjWrI4=
  1. Open the known_hosts file to edit:
vi ~/.ssh/known_hosts
  1. Navigate and remove the ssh key at the index/line indicated in step 1. Here is a list of VI commands to achieve this:
# VI Commands
x - Delete character at the cursor
dd - Delete line
D - Delete contents of line after the cursor
u - Undo last change
U - Undo all changes to the entire line
ESC - Terminate insert mode
k - Move cursor up
j - Move cursor down
h - Move cursor left
l - Move cursor right
:wq - Save the file and quit
  1. After removing the line. Save and quit the file with :wq. Retry the ssh connection and add the connection to the known hosts file through typing yes:
# Establish ssh connection
ssh cppengineer@192.168.1.25

# Example of response + request for connection
"The authenticity of host '192.168.1.25 (192.168.1.25)' cant be established.
ECDSA key fingerprint is 54:80:88:dd:66:86:df:de:0f:9a:db:ad:2e:85:64:49.
Are you sure you want to continue connecting (yes/no)?" yes

# Successful connection and host added to known hosts file
"Warning: Permanently added '192.168.1.25' (ECDSA) to the list of known hosts."
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment