Lifewithtech

View Original

Tip: Remove bad SSH Key with an easy command

Thomas Fraley

Ok, so most of us have run in the dreaded Remote host identification has changed warning before. Which in turn makes us dig through our known_host file and delete that remote key entry. Wouldn’t it be nice if you didn’t have to even touch that file? Here is a quick command to save you some time and removes that bad entry.

So you SSH'd into your remote machine, just to find the following warning:

Terminal Output:

office:~ thomasfraley$ ssh Hostname.domain.net
'' @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
'' @       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
'' @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
'' The RSA host key for hangout.homeip.net has changed,
'' and the key for the corresponding IP address 192.168.71.89
'' is unknown. This could either mean that
'' DNS SPOOFING is happening or the IP address for the host
'' and its host key have changed at the same time.
'' @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
'' @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
'' @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
'' IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
'' Someone could be eavesdropping on you right now (man-in-the-middle attack)!
'' It is also possible that a host key has just been changed.
'' The fingerprint for the RSA key sent by the remote host is
'' 87:7b:d3:35:42:fb:b9:b2:66:ee:3c:27:b4:17:a1:f8.
'' Please contact your system administrator.
'' Add correct host key in /Users/thomasfraley/.ssh/known_hosts to get rid of this message.
'' Offending RSA key in /Users/thomasfraley/.ssh/known_hosts:2
'' RSA host key for hangout.homeip.net has changed and you have requested strict checking.
'' Host key verification failed.
'' office:~ thomasfraley$ 

At this point we would normally head over to our know_hosts file and delete the entry, either by using vim, nano or a GUI text editor on our local machine 

On most Linux distros it can be found under 
    root/.ssh/known_hosts or ~/.ssh/known_hosts on your Mac

How about we skip all of that and save some time with a short simple command

ssh-keygen -R “hostname or IP”

Examples: depending on if your entry was added as hostname or IP address

  • ssh-keygen -R hostname.domain.net

  • ssh-keygen -R 192.168.71.89

Terminal Output:

office:~ thomasfraley$ ssh-keygen -R Hostname.domain.net
'' Host hangout.homeip.net found: line 2 type RSA
'' /Users/thomasfraley/.ssh/known_hosts updated.
'' Original contents retained as /Users/thomasfraley/.ssh/known_hosts.old
'' office:~ thomasfraley$