Saturday, December 8, 2012

SSH - Remote Host Identification Has Changed



When you see the error below, don't panic. It can be a numerous of reasons to encounter this.


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
33:23:41:5b:67:17:14:56:67:5b:cd:ef:b3:10:a9:5b.
Please contact your system administrator.
Add correct host key in /Users/alice/.ssh/known_hosts to get rid of this message.
Offending key in /Users/alice/.ssh/known_hosts:4
RSA host key for 192.168.1.2 has changed and you have requested strict checking.
Host key verification failed.
lost connection


Some reasons

  1. Accessing VM machine with common IP address
  2. IP topology has changed and caused an update to RSA fingerprint

However, if your network/machine has not been changed for N years, you better perform a security scan with your remote machine. It may be tampered with.

For genuine cases, you can remove this warning by removing the existing host key with the following step (I will be using Alice as example)

1. Navigate to your Users folder that contains .ssh

cd /Users/alice/.ssh

2. VI into known_hosts

vi known_hosts

3. Search for the IP address that cause the issues. You can use VI search command

/192.168.1.2

4. If search successful, the cursor will jump to the IP address. Then, delete the entry by dd command

dd

5. Save the modified file

:wq

Everything is done. You can ssh to your machine again to verify the warning is gone.


No comments:

Post a Comment

Facebook - Control privacy setting of liked page

By default, Facebook displayed your liked page to public. It is the user responsibility to adjust the privacy setting. And in my opinion, F...