SSH known host management
Posted in Linux SysAdmin on September 27th, 2010 by Johan Huysmans – 4 CommentsWhen you frequently connect to ssh servers with changed RSA keys (reinstall, change ip, …) you will know this annoying message:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
ea:34:84:3f:f3:1e:74:78:7e:f7:5f:4d:a3:5d:3d:9f.
Please contact your system administrator.
Add correct host key in /home/johan/.ssh/known_hosts to get rid of this message.
Offending key in /home/johan/.ssh/known_hosts:187
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
X11 forwarding is disabled to avoid man-in-the-middle attacks.
Permission denied (publickey,gssapi-with-mic,password).
After this message you have to remove line 187 from your .ssh/known_hosts file and perform the ssh command again.
If you want to get rid of this message and the altering of the known_hosts file you can add following ssh options to the .ssh/config file:
StrictHostKeyChecking no
UserKnownHostsFile /dev/null