krypted.com

Tiny Deathstars of Foulness

Sometimes when we’re doing work, we end up changing an SSH key. You then access the host using something like this:

ssh krypted@10.10.10.10

When accessing the host you then get a warning similar to the following if the key changed:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
aa:bb:cc:dd:ee:ff:00:11:22:33:00:11:22:33:44:55.
Please contact your system administrator.
Add correct host key in /home/remi/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/remi/.ssh/known_hosts:1
In case you know the host identification has changed, you can safely discard this warning.

To fix you can edit the ~/.ssh/known_hosts file and remove the offending line (usually the number in the Offending ECDSA line) or just regenerate the key using ssh-keygen, which will automatically edit the known_hosts file for you:

ssh-keygen -R 10.10.10.10

September 12th, 2013

Posted In: Mac OS X, Mac OS X Server, Mac Security, Ubuntu

Tags: , , , , ,