Thursday, June 7, 2007

known_hosts Clean Up

Have you ever got the following message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for [host or IP] has changed and you have requested strict checking.
Host key verification failed.

This means the host key the server presented does not match the key recorded for that name or IP in your known_hosts file. Often the cause is benign (the server was reinstalled, its host keys were regenerated, or a different machine now answers at that address), but it is also exactly what an active man-in-the-middle attack looks like, so before you delete anything confirm the new fingerprint out of band, for example by having the administrator run ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub on the server and comparing the result with the fingerprint printed in the warning. Once you know the change is legitimate, the fix is to delete the stale entry and reconnect. That sounds as easy as editing the file by hand, but on Ubuntu the host names in known_hosts are hashed (not encrypted), so you cannot find the line by searching for the name.

Hashing the names means that anyone who gets hold of your known_hosts file does not also get a ready-made list of every host you log in to. It is controlled by the HashKnownHosts option in ssh_config: Ubuntu turns it on by default in /etc/ssh/ssh_config, and on other distributions you can enable it yourself (an existing file can be converted in place with ssh-keygen -H).

If you open your known_hosts file (~/.ssh/known_hosts) you'll see that an entry looks something like this:

myserver1.com,64.2.5.111 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA11FV0EnGahT2EK8qElocjuHTsu1jaCfxkyIgBTlxlrOIR

or, with hashing enabled, the host field is replaced by |1|, a base64 salt and a base64 hash of the name:

|1|<base64 salt>|<base64 hash> ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA11FV0EnGahT2EK8qElocjuHTsu1jaCfxkyIgBTlxl

Getting rid of the stale entry is simple, because ssh-keygen understands the hashed format and you do not need to know which line the host is on:

1- This will display the entry (and its line number) recorded for the host
$ ssh-keygen -F [hostname or IP]

2- This will delete every entry for the host, saving the old file as ~/.ssh/known_hosts.old
$ ssh-keygen -R [hostname or IP]

If the warning names both a host name and an IP, run the -R step for each, since they are stored as separate entries. For a server on a non-standard port use the form [hostname]:port, and add -f /path/to/file if the offending entry is in a file other than ~/.ssh/known_hosts. Then reconnect and accept the new key only if the fingerprint ssh shows you is the one the administrator confirmed.
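Why a hashed file cannot be searched by eye, and what ssh-keygen -F and -R do for you, is easier to see in code. The following is an added example, not from the original post and not OpenSSH's own code: a small Python reimplementation of the HashKnownHosts format (a 20-byte salt and an HMAC-SHA1 of the host name keyed with that salt, written as |1|salt|hash) together with the lookup and removal that -F and -R perform. The sample known_hosts lines and the salt are constructed for the demonstration, and the key blobs are truncated placeholders rather than real keys.

```python
import base64
import hashlib
import hmac

# OpenSSH marks a hashed host field with this prefix. The field is
# |1|<base64 salt>|<base64 HMAC-SHA1(key=salt, msg=hostname)>, salt is 20 bytes.
HASH_MAGIC = "|1|"
SALT_LEN = 20


def hash_hostname(hostname, salt):
    """Produce the hashed host field OpenSSH writes when HashKnownHosts is on."""
    if len(salt) != SALT_LEN:
        raise ValueError("OpenSSH uses a %d-byte salt" % SALT_LEN)
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "%s%s|%s" % (HASH_MAGIC,
                        base64.b64encode(salt).decode(),
                        base64.b64encode(digest).decode())


def host_matches(host_field, hostname):
    """True if a known_hosts host field (plain or hashed) refers to hostname.

    A plain field is a comma-separated list of names/addresses. A hashed field
    can only be tested by recomputing the HMAC with the stored salt, which is
    why grepping a hashed file for a host name finds nothing.
    """
    if host_field.startswith(HASH_MAGIC):
        parts = host_field.split("|")          # ['', '1', salt, hash]
        if len(parts) != 4:
            return False                       # malformed hashed field
        try:
            salt = base64.b64decode(parts[2])
            stored = base64.b64decode(parts[3])
        except ValueError:                     # binascii.Error is a ValueError
            return False
        computed = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(computed, stored)
    return hostname in host_field.split(",")


def host_field_of(line):
    """Return the host field of a known_hosts line, or None for blank/comment lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    tokens = stripped.split()
    if tokens[0].startswith("@"):              # @cert-authority / @revoked marker
        tokens = tokens[1:]
    return tokens[0] if tokens else None


def find_entries(lines, hostname):
    """Like ssh-keygen -F: (line_number, line) for every entry matching hostname."""
    hits = []
    for number, line in enumerate(lines, start=1):
        field = host_field_of(line)
        if field is not None and host_matches(field, hostname):
            hits.append((number, line))
    return hits


def remove_entries(lines, hostname):
    """Like ssh-keygen -R: the file contents with every entry for hostname dropped."""
    kept = []
    for line in lines:
        field = host_field_of(line)
        if field is not None and host_matches(field, hostname):
            continue
        kept.append(line)
    return kept


# Constructed sample data for the demonstration: fixed salt, truncated fake key blobs.
SAMPLE_SALT = bytes(range(SALT_LEN))
SAMPLE_KNOWN_HOSTS = [
    "myserver1.com,64.2.5.111 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA11FV0EnGahT2EK8q",
    hash_hostname("myserver2.com", SAMPLE_SALT) + " ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAexample",
    # a host on a non-standard port is hashed as the whole "[host]:port" string
    hash_hostname("[myserver2.com]:2222", SAMPLE_SALT) + " ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAexample",
    "# comment lines are ignored",
    "@revoked other.example.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArevoked",
]

if __name__ == "__main__":
    for host in ("myserver1.com", "64.2.5.111", "myserver2.com", "[myserver2.com]:2222"):
        for number, line in find_entries(SAMPLE_KNOWN_HOSTS, host):
            print("# Host %s found: line %d" % (host, number))
    cleaned = remove_entries(SAMPLE_KNOWN_HOSTS, "myserver2.com")
    print("%d lines before, %d after removing myserver2.com"
          % (len(SAMPLE_KNOWN_HOSTS), len(cleaned)))
```

The hashed lookup has to recompute one HMAC per line, using each line's own salt, so a file with a thousand entries costs a thousand HMACs per host; that is the price of not leaking your host list, and also the reason the plain-text sed approach needs the line number from the warning rather than a search by name.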

Hope that was enough info. Let me know if you have any questions or corrections.

Vic.

5 comments:

kalla said...

Thanks Victor, It helped, i am newbie to linux admin

simoncpu said...

Thanks... I'm used to manually editing ~/.ssh/known_hosts until I encountered this problem...

Anonymous said...

Thanks, saved my life!

Anonymous said...

The "ssh-keygen -R" command does not always work on all systems; in that case you can try:

sed -i".old" 'Nd' ~/.ssh/known_hosts

where "N" is the offending line number shown on screen.

Soub.

Anonymous said...

Thanks! It's very helpful!