82.5 SSH Remote Host Authentication

20211010

When you use ssh to connect to a remote host for the first time, you will be confronted with a message like:

The authenticity of host 'rosz (192.168.1.2)' can't be established. 
RSA key fingerprint is 99:1f:eb:c2:8f:cb7:33:23:1f:4c:e5:51:20:e9:85:5a. 
Are you sure you want to continue connecting (yes/no)? 

SSH does not know this host. Type yes to record the host's key, which the fingerprint identifies, in ~/.ssh/known_hosts. The next time you connect to this remote host you should not get this message.

If the remote host is rebuilt, for example, then its fingerprint will also change. ssh will refuse to connect and you may see a message starting with:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
8f:67:e3:b5:ea:14:2e:a1:a5:c7:76:1d:02:f8:77:00.
Please contact your system administrator.
Add correct host key in /home/kayon/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/kayon/.ssh/known_hosts:4
RSA host key for example.com has changed and you have requested strict checking.
Host key verification failed.

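You can update the fingerprint for the IP address of example.com (supposing it is 192.168.0.45) by removing the outdated entry from known_hosts, so that the new key is offered for acceptance on the next connection, with:

ssh-keygen -R 192.168.0.45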

Or you could turn off strict host key checking for that connection, so that ssh proceeds even though the key has changed, with:

ssh -oStrictHostKeyChecking=no kayon@example.com

The nuclear option is:

rm ~/.ssh/known_hosts

This removes all record of keys/fingerprints for all previous connections you have made through ssh, and when you connect again using ssh you will be warned and asked to add the key.
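
The two messages above correspond to two outcomes of looking the offered key up in known_hosts. The following Python sketch is an added example, not part of the original guide and not OpenSSH's own code: it models that lookup in simplified form (plain, unhashed host names only), computes both the colon-separated MD5 fingerprint style shown above and the SHA256 style, and accepts a new or changed key only when its fingerprint equals one obtained out of band. The function names, make_key and the sample data are constructed for illustration.

```python
import base64, hashlib, struct

def fingerprints(pubkey):
    """(MD5 colon-hex, SHA256 base64) fingerprints of a 'type base64' public key."""
    blob = base64.b64decode(pubkey.split()[1])
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def check_host(known_hosts, host, offered):
    """Return ('match' | 'changed' | 'unknown', line number or None)."""
    ktype, kblob = offered.split()[:2]
    changed_at = None
    for n, line in enumerate(known_hosts.splitlines(), 1):
        f = line.split()
        # Comments, @markers and hashed (|1|...) host names are out of scope here.
        if len(f) < 3 or line.startswith(("#", "@", "|")):
            continue
        if host in f[0].split(",") and f[1] == ktype:
            if f[2] == kblob:
                return "match", n
            changed_at = changed_at or n   # same host and key type, different key
    return ("changed", changed_at) if changed_at else ("unknown", None)

def decide(known_hosts, host, offered, trusted_fp):
    """Accept a new or changed key only if its fingerprint equals one obtained
    out of band (for example from the rebuilt host's console)."""
    state, _ = check_host(known_hosts, host, offered)
    if state == "match":
        return "connect"
    if trusted_fp in fingerprints(offered):
        return "replace entry" if state == "changed" else "add entry"
    return "refuse"

def make_key(seed):
    """Constructed sample key in SSH wire format; not a real host key."""
    name, body = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + body
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed sample data: the key before and after a rebuild of example.com.
OLD, NEW = make_key(b"before rebuild"), make_key(b"after rebuild")
KNOWN_HOSTS = "# constructed sample file\nexample.com,192.168.0.45 " + OLD + "\n"

if __name__ == "__main__":
    print(check_host(KNOWN_HOSTS, "example.com", NEW), fingerprints(NEW))
    print(decide(KNOWN_HOSTS, "example.com", NEW, fingerprints(NEW)[1]))
```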



Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0