Tuesday, May 15, 2012

SSH - RSA Host Key Validation Error

Technically, this is not an error but a security feature for SSH.

Whenever SSH connects to a remote host, it checks ~/.ssh/known_hosts for a matching IP-to-RSA-key entry, to prevent attacks such as man-in-the-middle.

This warning occurs when you have previously connected to the host, but the host's RSA key has changed for the current connection. In general, we do not expect a server's RSA key to change frequently. SSH therefore treats the change as a security breach and terminates the connection.

Yes, you could open ~/.ssh/known_hosts and remove the entry for the given IP address. But that is troublesome, especially if the IP address is used by multiple machines.

Multiple machines can share one IP address if you are using virtual machines and each guest OS is configured with the same IP address.

To bypass this check on the command line, you can do the following:

ssh username@host -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
UserKnownHostsFile=/dev/null -> This option makes SSH use the null device as the known hosts file. /dev/null discards all data written to it.
StrictHostKeyChecking=no -> This option makes SSH add the host to the known hosts file automatically.

Taken together, the two options mean SSH automatically writes the host key to the null device.

Warning: Use this only if you know what you are doing, because this command allows you to connect to any server without any security check. It could lead to a real security breach.
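
To see why the two options together switch the check off, here is an added example (not part of the original post) that reimplements the known_hosts lookup for plain entries in shell and awk. The function names, IP address and key strings are constructed placeholders, and hashed entries, markers and wildcard patterns are skipped.

```shell
#!/bin/sh
# Added example: classify a host key the way ssh's known_hosts lookup does,
# for plain entries only. Prints "match", "changed" or "unknown".
# usage: check_host_key <known_hosts_file> <host> <keytype> <base64key>
check_host_key() {
    awk -v host="$2" -v ktype="$3" -v key="$4" '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        $1 ~ /^@/      { next }    # skip @cert-authority / @revoked markers
        $1 ~ /^\|1\|/  { next }    # skip hashed host names (not handled here)
        {
            n = split($1, names, ",")   # field 1 is a comma-separated host list
            for (i = 1; i <= n; i++) {
                if (names[i] != host || $2 != ktype) continue
                if ($3 == key) found = 1; else differ = 1
            }
        }
        END {
            if (found)       print "match"
            else if (differ) print "changed"
            else             print "unknown"
        }
    ' "$1"
}

# Constructed sample: one VM recorded earlier under a shared IP address.
make_sample_known_hosts() {
    cat > "$1" <<'EOF'
# constructed entries, not real keys
192.168.56.10,vm1.example ssh-rsa AAAAconstructedKeyVM1
EOF
}

demo() {
    kh=$(mktemp) && make_sample_known_hosts "$kh"
    # Same VM as before: key matches the stored entry.
    check_host_key "$kh" 192.168.56.10 ssh-rsa AAAAconstructedKeyVM1
    # Another VM (or an interceptor) on the same IP: ssh refuses here.
    check_host_key "$kh" 192.168.56.10 ssh-rsa AAAAconstructedKeyVM2
    # With UserKnownHostsFile=/dev/null nothing is ever stored, so every key
    # looks new, and StrictHostKeyChecking=no accepts new keys unprompted.
    check_host_key /dev/null 192.168.56.10 ssh-rsa AAAAconstructedKeyVM2
    rm -f "$kh"
}
demo
```

The third result is the important one: against /dev/null a changed key can never be detected, so a different machine answering on that address is indistinguishable from the expected one.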
