By default, SSH checks and keeps the key fingerprint of every host you've connected to in
~/.ssh/known_hosts. You'll get the following warning if a host's fingerprint has changed since the last time you connected to it:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
51:5b:16:56:a5:cd:9b:1e:11:aa:2b:1c:a2:91:cd:a2.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for www.example.com has changed and you have requested strict checking.
Host key verification failed.
You can fix the problem by either disabling the key check or having the right key in your
The check is done for security reasons. Proceed only if you know exactly what you're getting into.
To disable the check temporarily when connecting to a remote server, add the
StrictHostKeyChecking no option to your SSH command, as in the example below:
$ ssh -o 'StrictHostKeyChecking no' user@host
To make it permanent and system-wide, edit the SSH client configuration file, and add the following line (if it doesn't already exist)
The file can normally be found at
~/.ssh/known_hosts is where the host keys are stored. Sample entries from the file look like the following:
192.168.0.111 ecdsa-sha2-nistp256 AAAAE2DjZHNhLXNoYTItbmlzHHAyNBYAAAAIbmlzdHAyNTYAAABBBInXA+7gb/gR0rOWlxzAvlt1SVEPacQBqRVbkDe7M4eZ3OC/yMXEA0QP8va62rGxvEx0quWf1FROQclyPc0NrT0=
example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoaTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAACBBInXA+7gb/gR0rOWlxzAvlt1SVEP1mQBqRVbkDe7M4eZ3OC/yMXEl0QP8va62rGxvEx0quWf1FROQclYPc0NrT0=
10.0.0.2 ssh-rsa AAAAB3NzaB1yc2EAAAACAQABAAABAQCu9MUCkl0C7pXE//vtoRoxgVFGKOPWxvf1zA0HKYlCl5hR/HL3TTZbmoqA/aet0VLAunetMOkQuSaLDCaJPQQ21DD5db6CMkjAtUkR/xfGKiT8ZWBitBRE4cbBoPVhY9rjMtHlUFGy7pFYOSVau7rBxhsX9F9pIWDDuBEytjl3q5HAF+qBOKrcdEcsMieXVhcEQRo2HkJ4r/8dR0Nxvtq05X3LAj8tFZJ34ClfA7iiALVRCHYxK8VyJHew1jxBJGbnZU/vIndIcHjJO1TftfBOo7wDo1NeVD0UE7dYszu7mvY4tJKaPAgMGIAUScZ7c2BaLGk9gVLXkRzU+zQ6IpYf
Find and remove the line with the hostname or IP address of the offending host using your favourite text editor. You can also use the
-R option of ssh-keygen, as in the following example:
$ ssh-keygen -R host
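As an added example (not from the original article), the Python below lists which known_hosts lines for a host no longer match a fingerprint obtained out-of-band from the server's administrator, including hashed host fields that a text-editor search for the hostname will not find. The function names and the sample data are constructed for illustration; wildcard patterns and [host]:port entries are not handled.

```python
import base64, hashlib, hmac, struct

def host_matches(pattern, host):
    """Match a known_hosts host field, plain or hashed (|1|salt|hash)."""
    if pattern.startswith("|1|"):               # written when HashKnownHosts is on
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in pattern.split(",")           # wildcards and [host]:port not handled

def parse_entry(line):
    """Return (host_field, keytype, blob); None for blank, comment and @marker lines."""
    fields = line.split()
    if not fields or fields[0][0] in "#@":
        return None
    host_field, keytype, blob = fields[0], fields[1], base64.b64decode(fields[2])
    (n,) = struct.unpack(">I", blob[:4])        # blob starts with its own key type
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key blob does not match declared type " + keytype)
    return host_field, keytype, blob

def fingerprints(blob):
    """(MD5 colon-hex as in the warning above, SHA256 as newer OpenSSH prints)."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def stale_entries(known_hosts_text, host, trusted_fp):
    """Line numbers of entries for host whose key does not match trusted_fp."""
    stale = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        entry = parse_entry(line)
        if entry and host_matches(entry[0], host) and trusted_fp not in fingerprints(entry[2]):
            stale.append(lineno)
    return stale

# Constructed sample data: placeholder blobs, not real keys.
def make_blob(keytype, body):
    return struct.pack(">I", len(keytype)) + keytype.encode() + body
OLD, NEW = make_blob("ssh-rsa", b"old-key"), make_blob("ssh-rsa", b"new-key")
SALT = b"constructed-salt"
MAC = hmac.new(SALT, b"www.example.com", hashlib.sha1).digest()
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(MAC).decode())
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "www.example.com,192.168.0.111 ssh-rsa " + base64.b64encode(OLD).decode(),
    HASHED + " ssh-rsa " + base64.b64encode(OLD).decode(),
    "10.0.0.2 ssh-rsa " + base64.b64encode(NEW).decode(),
])
print(stale_entries(SAMPLE, "www.example.com", fingerprints(NEW)[1]))
```

The hashed entry on line 3 is reported alongside the plain one on line 2, which is why ssh-keygen -R is more reliable than searching the file for the hostname by hand.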