65

I'm unable to ssh and rysnc to a remote system. It keeps giving this error message:

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a3:8f:7c:07:c9:12:d8:aa:cd:c2:ba:b3:27:68:bc:c2.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:8
RSA host key for xxx.xxx.xxx.xxx has changed and you have requested strict checking.
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(601) [sender=3.0.8]

I've removed authorized_keys file from /home/user/.ssh.

Martin Tournoij
  • 26,737
  • 24
  • 105
  • 146
Thiyagarajan Varadharaj
  • 10,154
  • 5
  • 21
  • 18
  • Also please check the rsync error message , ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection refused rsync: connection unexpectedly closed (0 bytes received so far) [sender] rsync error: unexplained error (code 255) at io.c(601) [sender=3.0.8] – Thiyagarajan Varadharaj Dec 28 '11 at 09:31
  • if its not production system then you can do truncate -s 0 /root/.ssh/known_hosts –  Jul 09 '15 at 16:11
  • 1
    https://in.godaddy.com/help/ssh-login-warning-remote-host-identification-has-changed-12161 – Nandhakumar Kittusamy Dec 15 '17 at 12:44

5 Answers5

130

use the following command which removes the old keys from .ssh/known_hosts file

ssh-keygen -R <host>
Talespin_Kit
  • 20,830
  • 29
  • 89
  • 135
  • 5
    If google sent you here, while looking for an answer as to why you suddenly can't access your vagrant box, this answer will help the most. When starting up a new and different vagrant box, that box may generate a new rsa-key that will be different from the previously registered rsa-key for that same local host. If this is this case, you can trust that the change is only a nuisance, and you can remove the old invalid key – andkrup Mar 10 '15 at 13:44
  • 1
    Not just for Vagrant, if you reinstall your machine the key will change. This seems like the cleanest and most secure solution. – Mongus Pong Mar 20 '15 at 21:06
  • any ideas for what to try if this doesn't work?! – Stefan May 22 '15 at 06:39
  • Command not found error ? – Talespin_Kit May 22 '15 at 06:52
  • @Talespin_Kit in my case it's just not remove it: `ssh-keygen -R localhost` -> `/Users/user/.ssh/known_hosts updated.` but string doesn't deleted – skywinder Jan 25 '16 at 14:23
75

The message says "/root/.ssh/known_hosts" not authorized_keys. Remove that file (or at least the corresponding key) from it and you can go again! But be aware that: There must be a reason why the key changed. Was the system reinstalled? Make sure you check that or the whole idea of ssh is void.

BTW.: Is there a reason you ssh as root?

Kasra
  • 891
  • 1
  • 10
  • 17
Nikodemus RIP
  • 1,369
  • 13
  • 20
  • Removing corresponding key ```$ ssh-keygen -R {server.name.com}``` | ```$ ssh-keygen -R {ssh.server.ip.address}``` | ```$ ssh-keygen -R server.example.com``` – DaddyMoe Oct 09 '15 at 11:39
  • @Nikodemus Hey, when i remove `ssh-keygen -f "/root/.ssh/known_hosts" -R instance_ip ` it now shows the error `Permission denied (publickey,gssapi-keyex,gssapi-with-mic).` How should i deal with it? – awhitesong Mar 21 '16 at 13:39
22

The message does explain itself:

  • The remote host identified itself with a key
  • Your previous copy of the key for that host is different
  • So there is a chance that the remote host is not who they say they are

If you trust the remote host, you can delete line 8 from your /root/.ssh/known_hosts and ssh will ask you if it can add the new key next time you try to connect

If you don't trust the remote host, you have to contact the host administrators to find out if and why they changed ssh keys. If they haven't it means your traffic is being intercepted

On the other hand, if you really really trust the remote host (eg it is on an intranet), you can run ssh with 

-oBatchMode=yes -oStrictHostKeyChecking=no
Alftheo
  • 868
  • 7
  • 17
12

You can use sed to remove the offending key at line 8 from your known_hosts file:

sed -i -e 8d /root/.ssh/known_hosts
Pierz
  • 7,064
  • 52
  • 59
9

Just do this:

mv .ssh/known_hosts .ssh/known_hosts_old
Stephan
  • 41,764
  • 65
  • 238
  • 329
user1421092
  • 3,123
  • 2
  • 14
  • 8
  • 1
    by far the best answer! – Jim Feb 27 '14 at 18:05
  • 15
    There's no reason to delete the entire file when the issue is just a single host. – Jian May 07 '14 at 05:53
  • 2
    This seems like an unwise thing to advise to someone who's unfamiliar with how ssh and host keys work. Can you add more detail to your answer for what the implications are for doing this? – John Zumbrum Nov 30 '14 at 15:19
  • 2
    Agree with @Jian, this approach will break every other host that was previously working, and require you to re-trust remote servers. Not good if you are using any batch scripts/automation. – Eddie Jan 05 '15 at 20:39