Fix offending key issue while doing SSH from Ubuntu

From Notes_Wiki

Home > Ubuntu > Server or Desktop administration > Fix offending key issue while doing SSH from Ubuntu


While doing SSH from Ubuntu machine to a formatted machine (older 192.168.1.4 was formatted and OS was reinstalled), we got error related to existing SSH fingerprint of this host in /root/.ssh/known_hosts file as shown below: 

root@ubuntu1:~# ssh root@192.168.1.4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:...
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:2
  remove with:
  ssh-keygen -f "/root/.ssh/known_hosts" -R "192.168.1.4"
ECDSA host key for 192.168.1.4 has changed and you have requested strict checking.
Host key verification failed.
  • Trying to delete second line of the file as indicated in "/root/.ssh/known_hosts:2" using "sed -i 2d ~/.ssh/known_hosts" also did not help. Exact same error as before with same line number was receive again.
  • Trying to delete key with "ssh-keygen -R root@192.168.1.4" resulted in
Host root@192.168.1.4 not found in /root/.ssh/known_hosts
  • Thus, deleted all known_hosts entries using "rm -f ~/.ssh/known_hosts". Still exact same error was received related to older hosts key, even though there was no /root/.ssh/known_hosts file itself.
  • Update of ssh package also did not help.
  • Finally issue resolved using command suggested in above error message:
root@ubuntu1:~# ssh-keygen -f "/root/.ssh/known_hosts" -R "192.168.1.4"
# Host 192.168.1.4 found: line 2
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old



Home > Ubuntu > Server or Desktop administration > Fix offending key issue while doing SSH from Ubuntu

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Fix_offending_key_issue_while_doing_SSH_from_Ubuntu&oldid=7605"