12

I have several virtual machines installed on my computer, to which I connect via ssh:

ssh vm1@localhost

or

ssh vm2@localhost

So every time I connect to different vm I need to edit my ~/.ssh/known_hosts file in order to get rid of: “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!” message.

Is there any way to trust automatically all VMs on localhost?

eparvan
  • 1,639
  • 1
  • 15
  • 26
  • How should those commands connect to different systems? They all connect to your local host. – arkascha Nov 04 '16 at 10:46
  • @arkascha — Presumably through port forwarding. – Quentin Nov 04 '16 at 10:46
  • @Quentin Even so, why should that port forwarding behave different depending on the account name? – arkascha Nov 04 '16 at 10:48
  • @arkascha — It doesn't. The change is behaviour is due to one VM being shutdown and another one being started up … so the port forwarding goes to a different host. – Quentin Nov 04 '16 at 10:50
  • I'm using VirtualBox, so when I need `vm2`, I'm shutting down `vm1` and vice versa – eparvan Nov 04 '16 at 10:50
  • Possible duplicate of [ssh remote host identification has changed](http://stackoverflow.com/questions/20840012/ssh-remote-host-identification-has-changed) – Rich Feb 24 '17 at 17:08

5 Answers5

18

In your configuration (e.g. ~/.ssh/config) you can trash the known hosts for a specific hostname:

Host localhost
        HostName localhost
        UserKnownHostsFile=/dev/null
        StrictHostKeyChecking=no

credit

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
11

You can try modifying the ~/.ssh/known_hosts file.

Deleating all inside the file is an option**, you can do it with nano or your favorite editor. Eg.:

nano ~/.ssh/known_hosts

Try again the connection, it should work

ssh -i ~/.ssh/yourkey.pub vm1@localhost

**nevertheless it would be a good practice if you only delete the row associated to the conflict.

megelon
  • 119
  • 1
  • 6
3

You can disable host checking specifically for localhost by setting NoHostAuthenticationForLocalhost to yes in ~/.ssh/config as follows.

NoHostAuthenticationForLocalhost yes

Note that this does not work when connecting to localhost on another machine through jump hosts.

Alternatively, you could still achieve host checking like normal by defining a distinct HostKeyAlias for each host. This has the added benefit of working over jump hosts, too. The following example configuration of ~/.ssh/config demonstrates this.

Host vm1
  HostName localhost
  HostKeyAlias vm1.localhost

Host vm2
  HostName localhost
  HostKeyAlias vm2.localhost

This is recommended for this situation by the ssh_config manpage.

HostKeyAlias Specifies an alias that should be used instead of the real host name when looking up or saving the host key in the host key database files and when validating host certificates. This option is useful for tunneling SSH connections or for multiple servers running on a single host.

jwillikers
  • 224
  • 2
  • 11
2
ssh-keygen -R YourIPorDomainName

With this, ~/.ssh/known_hosts will be updated along with .old backup.

goodhyun
  • 4,814
  • 3
  • 33
  • 25
0

For bitbucket users faced this issue after May 2023.

Do the following in the git terminal:

ssh-keygen -R bitbucket.org && curl https://bitbucket.org/site/ssh >> ~/.ssh/known_hosts

More details in the guide.

Dmitry Smolyaninov
  • 2,159
  • 1
  • 18
  • 32