I used to connect to a server via SSH. But after about a year of not connecting to the server, I tried connecting again when I was met with the error message 'Host key verification failed'. How do I rectify this in order to connect with the server again?
I searched for this in the net and wanted to delete the line manually but could locate the key. the 'ssh-keygen -R' command didn't seem to work also
Related
I followed this link: https://confluence.atlassian.com/bitbucket/add-an-ssh-key-to-an-account-302811853.html
I generated a public key and I pasted the file ~/.ssh/id_rsa.pub to SSH Keys in BitBucket.
However, I still get the error:
Host key verification failed. fatal: Could not read from remote
repository.
Please make sure you have the correct access rights
Host key verification failed. fatal: Could not read from remote repository.
This is not about client authentication, but server authenticity. You need to verify that the server you are connecting to is really the bitbucket. This is explained in this article.
The easiest way to resolve the problem is to paste the server public key below into the ~/.ssh/known_hosts:
bitbucket.org,104.192.143.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
I am working with win 7 and git bash as well as an amazon EC2 instance. I tried to log into my instance:
$ ssh -i f:mykey.pem ubuntu#ec2-52-10-**-**.us-west-2.compute.amazonaws.com
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
71:00:d7:d8:a------------------26.
Please contact your system administrator.
Add correct host key in /m/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /m/.ssh/known_hosts:27
ECDSA host key for ec2-52-10-**-**.us-west-2.compute.amazonaws.com has changed and you have request
ed strict checking.
Host key verification failed.
Logging in like this has worked fine in the past, but this problem started after I rebooted my EC2 instance. How can I get this working again?
edit:
$ ssh -i f:tproxy.pem ubuntu#ec2-52-10-**-**.us-west-2.compute.amazonaws.com
ssh: connect to host ec2-52-10-**-**.us-west-2.compute.amazonaws.com port 22: Bad file number
tried again:
The authenticity of host 'ec2-52-10-**-**.us-west-2.compute.amazonaws.com (52.10.**-**)' can't be
established.
ECDSA key fingerprint is d6:c4:88:-----------fd:65.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added 'ec2-52-10-**-**.us-west-2.compute.amazonaws.com,52.10.**-**' (ECDSA) t
o the list of known hosts.
Permission denied (publickey).
what should I do now?
The hostname has a new ssh key, so ssh tells you something has changed.
The hint is here:
Offending ECDSA key in /m/.ssh/known_hosts:27
If you're sure the server on the other side is authentic, you should delete line 27 in /m/.ssh/known_hosts.
This error says that something has been changed since your last login to this server and that the server you try to ssh to, might not be the server you think it is.
One thing to be aware of...
When you create an EC2 instance, No fixed IP assigned to this instance.
When you start this instance, it will get (dynamic) IP number and a DNS name which will be based on that IP.
If you shutdown the instance and start it again few hours later, it might get a new IP and a new DNS name.
If you are still trying to access the old DNS name/IP, you are actually trying to access a server that might not belong to you.
This will end with the same error msg as you had.
(It can happen because you pointed a DNS entry to the old IP, or you are using scripts that try to access the old DNS name/IP, or you just repeating the ssh command from your history...)
If this is the case, the solution is to use Elastic IP.
You can assign Elastic IP to your server, and this will force it to keep its IP address between reboots.
Elastic IP is free while your (attached) server is up.
But it will cost you some minor fees when the attached server is down.
This is done to make sure you are not "reserving" IP while not using/need it
In BeanStalk environment, the issue is that it refers to the key from known_hosts for the respective IP. But it has changed. So using the same key would not work.
Removing the key for the IP from ~/.ssh/known_hosts and then connecting by ssh would work.
(Basically, when the entry is not there in ~/.ssh/known_hosts it will create a new one, and thus resolve the conflict)
Type the following command to set the permissions. Replace ~/mykeypair.pem with the location and file name of your key pair private key file.
chmod 400 ~/mykeypair.pem
In your case mykeypair.pem is tproxy.pem
I was facing the same issue and after making pem file private it was fixed.
Here is some more information on SSH Key Permissions
I recently changed the DNS cname record of one of the slaves that my jenkins machine uses. After the change was made, I updated the information in the node so that it points to the new name. Since then, the jenkins slave fails to launch with the following error:
[09/10/14 18:24:11] [SSH] Opening SSH connection to name.domain.com:22.
ERROR: Server rejected the 1 private key(s) for ubuntu (credentialId:xxxxxxxxxxxxxxxxxxxxxxx/method:publickey)
[09/10/14 18:24:11] [SSH] Authentication failed.
hudson.AbortException: Authentication failed.
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1143)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:648)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:642)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[09/10/14 18:24:11] [SSH] Connection closed.
[09/10/14 18:24:11] Launch failed - cleaning up connection
Can anyone give me info on how I might resolve this? Its using the same key that had been working prior to the DNS change.
The problem is visible on the line that says:
ERROR: Server rejected the 1 private key(s) for ubuntu (credentialId:xxxxxxxxxxxxxxxxxxxxxxx/method:publickey)
You need to log into the slave and examine /var/log/auth.log to discover why the slave refused the key.
You might want to double-check which credential the slave is configured to use. Sometimes when I have edited slave configuration, some settings have changed that I have no recollection changing.
This may be an odd issue that has to do with AWS permissions, and to be honest I don't entirely understand the why of it, but in the end I was able to resolve the issue.
The machine would not accept the .pem key that I had previously been using. I ended up having to make a new pem key and add it to authorized keys on the destination machine.
I confirmed that I am still able to use the original key to ssh into the box, but for some reason it would not work from the jenkins machine.
Does anyone know why I am unable to connect to my server using the Notepad++ NppFTP plugin with SFTP?
I have a CentOS 6.4 server with SSH on port 22.
When I try and connect using NppFTP I get the following output:
[NppFTP] Everything initialized
Connecting
[SFTP] Connection failed : Error reading socket
Unable to connect
Disconnected
This used to work when I had my SSH port set to 3264 but when I changed the SSH port back to 22 NppFTP stopped working. All the settings for the profile are correct including the right IP, username, password and port (22).
I can connect with SFTP using FileZilla and WinSCP successfully with these same SFTP details and I can connect with SSH using PuTTY.
I can connect with SFTP to other servers using NppFTP so I believe there is an issue in my server config I'm just not sure where or what.
I looked at the access logs but found no attempt at a connection from NppFTP, I turned the firewall off and still nothing.
In the end I got in touch with my server company and it turns out it was a problem on their end. This is what they had to say:
"This was caused by an IPS rule inspecting the network packets coming into the infrastructure, which helps identify brute force attacks."
Very strange, but after they made the change NppFTP can now connect successfully.
Sorry but I am a newbie... I have checked other questions but nothing has worked and I am not great with SSH.
Followed the steps to connect to EC2 with SSH in Eclipse. Worked like a charm. Then I terminated the working server and started a new instance.
Now I can't connect and receive
RSEG1066 "Failed to connect sshd on server name" Auth failed
Also Port 22 is open ->
Port 22 (SSH) Source: 0.0.0.0/0
My SSH connection references the new hostname and I have applied my .pem file via rsa. Any thoughts? What else should I check?
Thank you.
Seems many people are having this problem with AWS when terminating an instance and launching a new instance. Here is what I did to solve the problem for me.
Terminated instance
Deleted key pair from AWS console
Deleted key pair from client
Launched a new instance
When prompted, used a different name for my key pair (.pem) file
Choose the default security group
Added SSH / Port 22 inbound access to the security group
Connected (with user *ubuntu* since I am using an ubunutu server)
And if using Eclipse RSE like the tutorial link in the original question, be sure to restart Eclipse before connecting.