REMOTE HOST IDENTIFICATION HAS CHANGED

Host key verification failed when reconnecting ssh

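This is desired and expected behavior: ssh refuses to connect when a host's key no longer matches the one it recorded, which is what guarantees a secure connection. When running a temporary SSH server on Windows, the error can become repetitive.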

steps

Begin by starting the SSH server in MobaXterm on Windows where the source software was downloaded
'Servers' > 'Start SSH/SFTP Server' > 'OK'
From the Linux server, ssh into the Windows Server
'ssh WindowsUser@WindowsServer.where.SourceSoftwareIsDownloaded.com'
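Alternately, attempt an rsync to rapidly transfer and verify the source software and patch archives (this requires some fiddling to get right). The two -o options make ssh accept whatever host key the server presents and store nothing in known_hosts, so this transfer does not verify the server's identity.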
'rsync -Ivvvrtz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress WindowsUser@WindowsServer.where.SourceSoftwareIsDownloaded.com:/drives/l/ /u01/hyperion/installer'

Some time later, when you attempt to repeat the process, ssh will fail with an error like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
34:df:34:df:34:df:34:df:34:df:34:df:34:df:34:df.
Please contact your system administrator.
Add correct host key in /home/<user>/.ssh/known_hosts to get rid of this message.
Offending key in /home/<user>/.ssh/known_hosts:3
RSA host key for <servername> has changed and you have requested strict checking.
Host key verification failed.

This is caused by stopping and restarting MobaXterm on the Windows server; the SSH server fingerprint will change.

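Delete the offending key. The line number to delete (3 here) is the number after the colon in the "Offending key in" line of the error; the location of known_hosts will vary:
sed -i '3d' /var/lib/sss/pubconf/known_hosts
sed -i -e 3d /home/<user>/.ssh/known_hosts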

Note: the sed command is worth learning.
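
The deletion above, as an added example that is not part of the original post: a POSIX shell helper that reads the file and line number from the "Offending key in FILE:N" line of ssh's error, backs up known_hosts, and removes only that line. The function names and the sample known_hosts entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. The function names are
# hypothetical and the sample data at the bottom is constructed.

# Extract the known_hosts path from ssh's "Offending ... key in FILE:N" line.
offending_file() {
    printf '%s\n' "$1" |
        sed -n 's/^Offending .*key in \(.*\):[0-9][0-9]*[[:space:]]*$/\1/p' | head -n 1
}

# Extract the line number N from the same line.
offending_line() {
    printf '%s\n' "$1" |
        sed -n 's/^Offending .*key in .*:\([0-9][0-9]*\)[[:space:]]*$/\1/p' | head -n 1
}

# Back up known_hosts, delete only the reported line, print the removed entry.
remove_offending_key() {
    kh=$(offending_file "$1")
    n=$(offending_line "$1")
    if [ -z "$kh" ] || [ -z "$n" ]; then
        echo "no 'Offending key in FILE:N' line in the ssh output" >&2; return 1
    fi
    [ -f "$kh" ] || { echo "$kh: no such file" >&2; return 1; }
    total=$(sed -n '$=' "$kh")            # line count, even without a final newline
    if [ "$n" -lt 1 ] || [ "$n" -gt "${total:-0}" ]; then
        echo "$kh has no line $n" >&2; return 1
    fi
    cp -p "$kh" "$kh.bak" || return 1     # keep the old entry for later comparison
    sed -n "${n}p" "$kh.bak"              # show exactly what is being removed
    sed "${n}d" "$kh.bak" > "$kh"         # rewrite the same file, keeping its mode
}

# Demo on constructed data: a throwaway known_hosts and a captured error.
demo_dir=$(mktemp -d)
cat > "$demo_dir/known_hosts" <<'EOF'
build.example.test ssh-rsa AAAA-CONSTRUCTED-KEY-1
db.example.test ssh-rsa AAAA-CONSTRUCTED-KEY-2
winbox.example.test ssh-rsa AAAA-CONSTRUCTED-KEY-OLD
git.example.test ssh-rsa AAAA-CONSTRUCTED-KEY-4
EOF
demo_err="Add correct host key in $demo_dir/known_hosts to get rid of this message.
Offending key in $demo_dir/known_hosts:3
Host key verification failed."
demo_removed=$(remove_offending_key "$demo_err")
echo "removed: $demo_removed"
```

Printing the removed entry and keeping known_hosts.bak lets you confirm that the deleted line belonged to the temporary server and not to another host that happened to sit on a different line.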

description

MobaXterm is the preferred method for facilitating X and SSH between Windows and Unix/Linux. A single portable exe painlessly facilitates the use of standard tools like rsync. This need recurs at most clients when transferring 22.7+ GB of 11.1.2.4.000 Oracle EPM Linux files and patches to a Linux server that is not connected to the Internet.
Additional details are in the MobaXterm toolbox post.

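In a normal use case (not a temporary SSH server) one should update the offending key, as long as the same hostname is re-used. The following removes every stored key for that hostname from known_hosts, so the new key can be recorded on the next connection: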
ssh-keygen -R <hostname>

external links

Additional thanks for the post: user mockinterface help.
Get more information from stackoverflow.

