Warning remote host identification has changed it is possible that someone is doing something nasty

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

Ошибка возникающая при подключении на Mac OS к серверу по SSH в том случае, если сервер был переустановлен и изменил свою конфигурацию.

При первом подключении в операционной системе Mac OS к удалённому серверу сохраняется уникальный идентификатор ECDSA key fingerprint.

User_name$ ssh root@111.111.111.111
The authenticity of host ‘111.111.111.111 (111.111.111.111)’ can’t be established.
ECDSA key fingerprint is SHA256:JoLuu0OG8Fu5nAkyfsgFGHM347sN/FGsm37xnsGJS.
Are you sure you want to continue connecting (yes/no)? y
Please type ‘yes’ or ‘no’: yes

И если на стороне сервера меняется его конфигурация, то сохранённый fingerprint к этому ip адресу уже не подходит. При подключении через Терминал в Mac Os к серверу будет возникать ошибка следующего рода:

Для исправления ошибки нужно удалить fingerprint к этому ip адресу.

Вариант 1

Используем консольную команду:

вместо единичек надо указать свой адрес.

И fingerprint будет удален из файла known_hosts:

Предыдущая версия файла known_hosts будет сохранена с именем known_hosts.old.

Вариант 2

Открыть файл через known_hosts:

И удалить там строку с нужным ip адресом.

После чего можно заново подключаться.

English Query (запросы по теме на английском языке)

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED

Someone could be eavesdropping on you right now

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY

Читайте также

Кстати, на сайте нет рекламы. У сайта нет цели самоокупаться, но если вам пригодилась информация можете задонатить мне на чашечку кофе в макдаке. Лайкнуть страницу или просто поблагодарить. Карма вам зачтется.

«Remote host identification has changed» warning when connecting over SSH

I got this message today when trying to log into my server. What should I do? Whats going on?

10 Answers 10

Did you recently reinstall the OS on your server or anything like that? That would cause this.

Solution #1: Remove keys using ssh-keygen

Now, you can connect to the host without a problem.

Solution #2: Add correct host key in /home/user/.ssh/known_hosts

It is not necessary to delete the entire known_hosts file, just the offending line in that file. For example if you have 3 server as follows.

To delete 2nd server (myserver.com), open file:

And hit dd command to delete line. Save and close the file. Or use following

Now go to line # 2, type the following command

Now delete line with dd and exit:

Or you can use the sed command as follows to delete offending key at line # 44:

Solution 3: Just delete the known_hosts file If you have only one ssh server

Try connecting with ssh again
Now you should be able to connect your server via ssh:

Next, you will get a fresh prompt to add key to

/.ssh/known_hosts as follows:

From what I can tell, all these answers are about suppressing the warning, instead of dealing with it. In short, the warning is telling you that the server doesn’t look like it used to look; see https://en.wikipedia.org/wiki/Man_in_the_middle_attack for why this may be a danger.

VERIFYING HOST KEYS

When connecting to a server for the first time, a fingerprint of the server’s public key is presented to the user (unless the option StrictHostKeyChecking has been disabled). Fingerprints can be determined using ssh-keygen(1):

To be on the safe side, you (or someone you trust) should have run this command first on the server you are connecting to. It will give you a fingerprint looking sort of like the one given in the warning in the question. Of course, often you don’t have this info, but if you have reason to suspect something is up, running that command is the way to check if the server signature has really changed, or if there may be something suspicious going on.

Как решить на MacOS «REMOTE HOST IDENTIFICATION HAS CHANGED»

Однажды перенес IP адрес на другой сервер и после подключения к нему по SSH из MacOS увидел предупреждение и соответственно подключиться не удалось:

@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:XXXXXXXXX.
Please contact your system administrator.
Add correct host key in /Users/ixnfo/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/ixnfo/.ssh/known_hosts:9
ECDSA host key for [192.168.2.2]:22 has changed and you have requested strict checking.
Host key verification failed.

Проблема возникает из-за того что ранее по данному IP адресу я подключался к одному серверу и в файл known_hosts сохранился ключ, а сейчас это другой сервер с другим ключом.

Если это ваших рук дело и чтобы решить проблему, запустим «Terminal» и откроем файл known_hosts, например в текстовом редакторе nano:

После этого удалим строку с ключом для этого IP адреса.
И при следующем подключении к серверу уже запишется новый ключ.

В редакторе nano находясь на нужно строке удалим ее нажав CTRL+K, потом нажмем Ctrl+X для выхода и «y» или «n» для сохранения или отмены изменений.
Сохранить изменения можно также клавишами Ctrl+O.

Если вы не делали никаких изменений на сервере и видите это предупреждение, то вероятно вы подключаетесь не к своему серверу.

ssh fails with «Warning: Remote Host Identification Has Changed!»

Question & Answer

Question

What does «WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!» mean and how do I correct the problem?

Cause

When host keys on a remote system have changed, either because they were manually regenerated or because ssh was re-installed, the new host key will not match the one stored in the user’s known_hosts file, and ssh will report the error then exit.

Answer

Example:
# ssh myuser@cupcake
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d7:3b:a3:5b:88:d2:f4:96:80:0d:8e:a0:8d:44:a2:d2.
Please contact your system administrator.
Add correct host key in /home/myuser/.ssh/known_hosts to get rid of this message.
Offending key in /home/myuser/.ssh/known_hosts:4
RSA host key for cupcake has changed and you have requested strict checking.
Host key verification failed.

If you are confident that the host key changed for a known reason (i.e. a re-install of the openssh filesets on the server), then you can use the ssh-keygen command, as the user who received the error, to remove the offending key.

Alternately, you can run the ssh-keygen as root, but you will need to specify the known_hosts file reported in the error.

Then try the ssh again. You will be prompted to confirm that you trust the new host key.

# ssh myuser@cupcake
The authenticity of host 'cupcake (127.0.0.1)' can't be established.
RSA key fingerprint is d7:3b:a3:5b:88:d2:f4:96:80:0d:8e:a0:8d:44:a2:d2.
Are you sure you want to continue connecting (yes/no)?

After you type ‘yes’, ssh will add the new key to your known_hosts file and proceed.

Possible DNS spoofing detected. Remote host identification has changed

I simply need to obtain a new SSH key from the new server and put it in my local computer to fix this, correct? Thank you.

2 Answers 2

Trending sort

Trending sort is based off of the default sorting method — by highest score — but it boosts votes that have happened recently, helping to surface more up-to-date answers.

It falls back to sorting by highest score if no posts are trending.

Switch to Trending sort

If you actually have a new server and you refer to it with the same name or the same IP of the old one, then it’s more than likely that the ssh certificates are not the same and you would get a spoofing warning message for it. in the message you can see that ssh is pointing to the line where the old certificate information is: /c/Users/[username]/.ssh/known_hosts:1. Long story short: If you changed server then it’s expected that ssh certificates are not the same. Just remove the line from the ssh known_hosts for the old server (1st line of your file in this case) and you’ll be fine.

The warning message gives better explanation here. The RSA host key for example.net has changed, and the key for the corresponding IP address [IP address of new server] is unknown.

Let’s compare two scenarios before you change the IP of example.net (10.0.0.0) and after you change the IP of example.net (10.0.0.1).

10.0.0.2>> ssh user@example.net The host fingerprint of the server 10.0.0.0 is stored in known hosts file of the server 10.0.0.2.

10.0.0.2>> ssh user@example.net Now the example.net is pointing to 10.0.0.1 but in known hosts file example.net is still having the host fingerprint of 10.0.0.0. So you get a warning whenever you try to ssh to example.net because the host key has changed since it’s a new server. As per ssh, it thought that someone else has got access to your DNS and possibly changed the endpoint of the DNS to any wrong server that’s why you are facing DNS spoofing warning.

To acknowledge it, you need to say the ssh that you are the one who changed it purposely. For that just remove the old host key entry from the known_host file of server 10.0.0.2 and remove entry for 10.0.0.0.