Tag Archives: Warning Permanently

If you have a VPS/server and reinstall it, you may see a message similiar to the below while logging in to it:

scp .ssh/ [email protected]:~/
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
43:ab:e2:c8:66:c3:c3:b7:b3:49:6d:01:57:4b:cd:39.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:4
RSA host key for 192.145.45.167 has changed and you have requested strict checking.
Host key verification failed.
lost connection

 

To fix this, you need to delete the offending host key from .ssh/known_hosts.

You can do this with sed:

sed -i '4d' .ssh/known_hosts[/code]
The "-i" option means, do an "in-place" modification of the file. The "4d" means to delete line number 4 from the file.

So after doing it, try again:
[[email protected]] ~ #sed -i '4d' .ssh/known_hosts
[[email protected]] ~ #scp -r .ssh/ [email protected]:~/
The authenticity of host '192.145.45.167 (192.145.45.167)' can't be established.
RSA key fingerprint is 43:ab:e2:c8:66:c3:c3:b7:b3:49:6d:01:57:4b:cd:39.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.145.45.167' (RSA) to the list of known hosts.
[email protected]'s password:
authorized_keys~                              100%  399     0.4KB/s   00:00
authorized_keys                               100%  801     0.8KB/s   00:00
id_rsa                                        100% 1679     1.6KB/s   00:00
known_hosts                                   100% 1768     1.7KB/s   00:00
id_rsa.pub                                    100%  391     0.4KB/s   00:00

 

I encountered this error while connecting recently too Goo buildserver:

[[email protected] ~]$ ssh2gooserver
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
73:1b:ca:05:7d:e5:10:b2:48:d0:be:70:3a:0f:08:47.
Please contact your system administrator.
Add correct host key in /home/droidzone/.ssh/known_hosts to get rid of this message.
Offending key in /home/droidzone/.ssh/known_hosts:10
RSA host key for buildbot1.snipanet.com has changed and you have requested strict checking.
Host key verification failed.

Solution:

1. Execute the following to remove the key for the server:

$ ssh-keygen -R buildbot1.snipanet.com
/home/droidzone/.ssh/known_hosts updated.
Original contents retained as /home/droidzone/.ssh/known_hosts.old

Now I tried again, and got a different message:

[[email protected] ~]$ ssh2gooserver
The authenticity of host 'buildbot1.snipanet.com (199.167.135.246)' can't be established.
RSA key fingerprint is 73:1b:ca:05:7d:e5:10:b2:48:d0:be:70:3a:0f:08:47.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'buildbot1.snipanet.com' (RSA) to the list of known hosts.
Warning: the RSA host key for 'buildbot1.snipanet.com' differs from the key for the IP address '199.167.135.246'
Offending key for IP in /home/droidzone/.ssh/known_hosts:10
Are you sure you want to continue connecting (yes/no)? yes
[email protected]'s password: 
Creating directory '/home/droidzone'.

I wanted to remove this error message.

So:

emacs /home/droidzone/.ssh/known_hosts

Jump to the offending line: Alt-GG 10

That’s for line number 10, and copy from beginning to end of Line 10 (easier if you have line numbering turned on iin emacs).