≡ Menu

REMOTE HOST IDENTIFICATION HAS CHANGED

Host key verification failed when reconnecting ssh

This is a desired and expected behavior to guarantee a secure connection. When running a temporary SSH server on Windows, it can be repetitive.

steps

Begin by starting the SSH server in MobaXterm on Windows where the source software was downloaded
'Servers' > 'Start SSH/SFTP Server' > 'OK'
From the Linux server, ssh into the Windows Server
'ssh WindowsUser@WindowsServer.where.SourceSoftwareIsDownloaded.com'
Alternately, attempt an rsync to rapidly transfer and verify the source software and patch archives (this requires some fiddling to get right).
'rsync -Ivvvrtz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress WindowsUser@WindowsServer.where.SourceSoftwareIsDownloaded.com:/drives/l/ /u01/hyperion/installer'

Some time later, when you attempt to repeat the process, ssh will fail with error like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
34:df:34:df:34:df:34:df:34:df:34:df:34:df:34:df.
Please contact your system administrator.
Add correct host key in /home/<user>/.ssh/known_hosts to get rid of this message.
Offending key in /home/<user>/.ssh/known_hosts:3
RSA host key for <servername> has changed and you have requested strict checking.
Host key verification failed.

This is caused by stopping and restarting MobaXterm on the Windows server; The SSH Server fingerprint will change.

Delete the offending key (the location of known_hosts will vary):
sed '3d' -i /var/lib/sss/pubconf/known_hosts  
sed -i -e 3d /home/<user>/.ssh/known_hosts

Note: the sed command is worth learning.

description

MobaXterm is the preferred method for facilitating X and SSH between Windows and Unix/Linux. A single portable exe painlessly facilitates the use of standard tools like rsync. This recurs at most clients for transferring 22.7+ GB of  11.1.2.4.000 Oracle EPM Linux files and patches to a Linux server that is not connected to the Internet.
Additional details are in the MobaXterm toolbox post.

In a normal use case (not a temporary SSH server) one should update the offending key, as long as the same hostname is re-used.
ssh-keygen -R <hostname>

external links

Additional thanks for the post:  user mockinterface  help.
Get more information from stackoverflow.


{ 0 comments… add one }

Leave a Comment