Saturday, December 8, 2012

SCP - RSA Host Key Validation Error

In my previous post (SSH - RSA Host Key Validation Error), I mentioned that SSH reports an RSA host key validation error when you connect to a remote machine whose RSA host key has changed. This happens if you connect to virtual machines that share the same IP address.

SCP performs the same check as SSH and reports the same error when the RSA host key does not match.

To work around this issue, you can use the following command. It points scp at an empty known_hosts file (/dev/null) and turns off strict checking, so the host key is not verified for that connection:

scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "source file" "destination file"

It uses the exact technique mentioned in my previous post.

SSH - Remote Host Identification Has Changed



When you see the error below, don't panic. There can be a number of reasons for it.


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
33:23:41:5b:67:17:14:56:67:5b:cd:ef:b3:10:a9:5b.
Please contact your system administrator.
Add correct host key in /Users/alice/.ssh/known_hosts to get rid of this message.
Offending key in /Users/alice/.ssh/known_hosts:4
RSA host key for 192.168.1.2 has changed and you have requested strict checking.
Host key verification failed.
lost connection


Some reasons

  1. Accessing VMs that share a common IP address
  2. The IP topology has changed, which caused an update to the RSA fingerprint

However, if your network/machine has not been changed for N years, you had better perform a security scan of your remote machine. It may have been tampered with.

For genuine cases, you can remove this warning by removing the existing host key with the following steps (I will be using Alice as an example):

1. Navigate to the .ssh folder inside your user folder

cd /Users/alice/.ssh

2. Open known_hosts in vi

vi known_hosts

3. Search for the IP address that causes the issue. You can use the vi search command

/192.168.1.2

4. If the search is successful, the cursor will jump to the IP address. Then delete the entry with the dd command

dd

5. Save the modified file

:wq

Everything is done. You can ssh to your machine again to verify that the warning is gone.
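
The same cleanup can be scripted from the warning itself, which already names the file and line (Offending key in /Users/alice/.ssh/known_hosts:4). The following is an added example, not part of the original post; the function names offending_entry and remove_offending_entry and the sample known_hosts content are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): delete the known_hosts line
# that the ssh/scp warning reports as "Offending key in <file>:<line>".
# The line number also works when entries are hashed (HashKnownHosts yes),
# where searching the file for the IP address finds nothing.

# Print "<file>:<line>" from the warning text. Newer OpenSSH prints the key
# type too ("Offending RSA key in ..."); both forms match.
offending_entry() {
    printf '%s\n' "$1" |
        sed -n 's/^Offending \([A-Za-z0-9]* \)\{0,1\}key in \(.*:[0-9][0-9]*\)$/\2/p' |
        head -n 1
}

# Back up the file to <file>.bak, delete only the reported line, and print
# the removed entry for review. Fails if the warning cannot be parsed or
# the reported line does not exist.
remove_offending_entry() {
    entry=$(offending_entry "$1")
    [ -n "$entry" ] || { echo "no 'Offending key' line in input" >&2; return 1; }
    file=${entry%:*}
    line=${entry##*:}
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    total=$(awk 'END { print NR }' "$file")
    if [ "$line" -lt 1 ] || [ "$line" -gt "$total" ]; then
        echo "line $line not in $file ($total lines)" >&2; return 1
    fi
    cp -p "$file" "$file.bak" || return 1
    sed -n "${line}p" "$file.bak"
    sed "${line}d" "$file.bak" > "$file"
}

# Demo on a constructed known_hosts file (hosts and keys are placeholders).
demo() {
    dir=$(mktemp -d) || return 1
    kh="$dir/known_hosts"
    printf '%s\n' \
        '192.168.1.10 ssh-rsa AAAAB3PLACEHOLDER1' \
        '192.168.1.2 ssh-rsa AAAAB3PLACEHOLDER2' \
        'build.example ssh-rsa AAAAB3PLACEHOLDER3' > "$kh"
    warning="Offending key in $kh:2
RSA host key for 192.168.1.2 has changed and you have requested strict checking."
    remove_offending_entry "$warning"   # prints the removed 192.168.1.2 entry
    cat "$kh"                           # prints the two entries that remain
    rm -rf "$dir"
}
demo
```

ssh-keygen -R 192.168.1.2 is the stock OpenSSH way to drop every stored key for a host. Either way, compare the new fingerprint with one read from the machine's console before accepting it on the next connection.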


Sed - Example guide

sed is a very useful stream editor for performing search and replace. Below are some useful tips

1. Usage

sed 's/apple/orange/' file...