Child pages
  • What to do When a Remote Machines RSA Key has Changed
Skip to end of metadata
Go to start of metadata

Questions Addressed

  • What do I do if a remote machine's RSA key has changed? What do I do if a remote machine's RSA key has changed?

If steps aren not taken to preserve host keys after an Operating System upgrade, or if a new host taken the IP of an existing host you may encounter the following messages. If you have SSH into the machine before the key change, you will not be able to SSH into the machine again until you remove the old key and replace it with the new one. This is the following message you would receive:

Someone could be eavesdropping on you right now(man-in-the-middle attack)
It is also possible that the RSA host key has been changed.
The fingerprint for the RSA key sent by the remote host is
md5 33:56:db:62:15:04:54:4a:34:a4:71:8c:c1:d1:af:58.
Please contact your system administrator.
Add correct host key in /home/username/.ssh/known_hosts
Offending key is entry 13 in /home/username/.ssh/known_hosts
RSA host key for sonic has changed and you have requested strict checking.
lost connection 

To fix this, open up the known_hosts file in a text editor (vi and pico are two examples). To do so you would copy the path that your terminal gives you.

For vi users where 13 is the line number of the offending key, (the ddZZ deletes the line, saves the file, and exits the editor) Enter:

vi +13  /home/username/.ssh/known_hosts
In this example I would enter: "pico /home/username/.ssh/known_hosts"

On my machine I would enter "pico /Users/gcarino/.ssh/known_hosts"

If the offending key was host "sonic" for example, I would do a '^W' and search for sonic. And then do a '^K' to cut the line.

Exit and save to the same file.

Now if I want to ssh into sonic, I will have to confirm the addition of the new RSA key into the "known_hosts" file and it will then allow me to connect.

If you need further assistance, please contact IGPP Net Ops.

  • No labels