One of our team member used to delete entire know_hosts file content when he see below error message. This is because either host changed it’s keys or some how the entry is corrupted.
root@linuxnix:/home/locserver# ssh root@ansible1.linuxnix.com @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ The ECDSA host key for ansible1.linuxnix.com has changed, and the key for the corresponding IP address 23.253.102.81 is unchanged. This could either mean that DNS SPOOFING is happening or the IP address for the host and it's host key have changed at the same time. Offending key for IP in /root/.ssh/known_hosts:346 remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R 23.253.102.81 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is dd:83:c4:03:7e:3e:7a:e2:bd:29:5f:69:0d:62:f3:49. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /root/.ssh/known_hosts:334 remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R ansible1.linuxnix.com ECDSA host key for ansible1.linuxnix.com has changed and you have requested strict checking. Host key verification failed.
In order to eliminate this issue we can either remove everything from ~/.ssh/known_hosts or delete that particular host entry by using ssh-keygen command.
Option1: If you want to delete key directly by editing known_hosts file, we can find key by using -F option.
ssh-keygen -F ansible1.linuxnix.com
Output:
surendra@linuxnix:~$ ssh-keygen -F anasible1.linuxnix.com # Host ansible1.linuxnix.com found: line 7 type RSA |1|j2JLctpOy+uu1cScN3mGPawior0=|3XS3kvwf4iLGt98GM72b46QtfFQ= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxawdaEM4FQd7BC+g3922niTh9QBtOduCqkNaa+mI9FAwh4GobX75ooc0NGQW66ROlkoBG8Dk0Ur7q46HePw6MZ8I0TiJsShBbCbWX7dr/RS7W4j7g+gCJ6Mu8opmTpNhtlxbU3UVLxf46utMB3vyxfZZ4cFknfLcp/lS/y5vleqgp4ekkd3lXekpWRGtT0Z53h/4FrdjMIGkvtB8MCVz8ZW9vwIxsM5IOrXRLfqZ1FUnF9hx8QaTyTu+T+gsBBp7xQykUmqEbswNA61+tj5Js+Xldjr84InGgHvcRkZ60KVg7t/lbgNYodFk+AAZy5D5TrbzsEIJeunz77NFTZjuYw==
Option2: If you don't want to edit file directly we can use -R to remove the host entry from the file.
ssh-keygen -R ansible1.linuxnix.com
Output:
surendra@linuxnix:~$ ssh-keygen -R ansible1.linuxnix.com # Host ansible1.linuxnix.com found: line 7 type RSA /home/surendra/.ssh/known_hosts updated. Original contents retained as /home/surendra/.ssh/known_hosts.old
The following two tabs change content below.
Mr Surendra Anne is from Vijayawada, Andhra Pradesh, India. He is a Linux/Open source supporter who believes in Hard work, A down to earth person, Likes to share knowledge with others, Loves dogs, Likes photography. He works as Devops Engineer with Taggle systems, an IOT automatic water metering company, Sydney . You can contact him at surendra (@) linuxnix dot com.
Latest posts by Surendra Anne (see all)
- Docker: How to copy files to/from docker container - June 30, 2020
- Anisble: ERROR! unexpected parameter type in action:
Fix - June 29, 2020 - FREE: JOIN OUR DEVOPS TELEGRAM GROUPS - August 2, 2019
- Review: Whizlabs Practice Tests for AWS Certified Solutions Architect Professional (CSAP) - August 27, 2018
- How to use ohai/chef-shell to get node attributes - July 19, 2018
