HomeCentos 6SSH WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

SSH WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

Software Effect Enterprises, Inc Posted on by

You go to ssh to a system and you get the following message

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for server.domain.com has changed,
and the key for the corresponding IP address 10.128.15.2
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/user/.ssh/known_hosts:15

and/or

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:XWpdl670wX8n891vPQNYz/OhbBV9nHJwN1rigqyRU6I.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user/.ssh/known_hosts:1
ECDSA host key for server.domain.com has changed and you have requested strict checking.
Host key verification failed.

If you have been modifying, updating, reloading, replacing, and/or changing ip addresses (including dhcp changes) on equipment the fix is below. If you have not been doing any of that, there is a chance the equipment has been compromised and you need to find out what has broken in and what needs to be fixed

To clear this message, use the command

ssh-keygen -R sever.domain.com

and you will a response simular to the following:

# Host server.domain.com found: line 13
/home/user/.ssh/known_hosts updated.
Original contents retained as /home/user/.ssh/known_hosts.old

now when you ssh to the target system, you will get the message:

The authenticity of host 'server.domain.com (10.128.15.2)' can't be established.
ECDSA key fingerprint is SHA256:XWpdl670wX8n891vPQNYz/OhbBV9nHJwN1rigqyRU6I.
ECDSA key fingerprint is MD5:26:f2:00:2b:a0:0c:c3:18:a9:df:d1:e8:c5:55:4b:0e.
Are you sure you want to continue connecting (yes/no)?

answer yes to the above question and you will get the following message and get logged into the target system

Warning: Permanently added 'monitor.ptfs.biz,10.128.15.2' (ECDSA) to the list of known hosts.
Last login: Sun Dec 22 07:40:35 2019 from 10.9.6.193
[user@server ~]$

Important note: If ssh is not running on port 22 –

If you have ssh running on a non standard port – use the following command to clear the entry from the known_hosts file. In this example, ssh is running on port 9999

ssh-keygent -R [server.domain.com]:9999

Note the addition of the square brackets and the port number

 

Comments are closed.