Ubuntu-ssh - - WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED [closed] - ssh

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
I'm unable to ssh and rsync to a remote system. It keeps giving this error message:
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a3:8f:7c:07:c9:12:d8:aa:cd:c2:ba:b3:27:68:bc:c2.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:8
RSA host key for xxx.xxx.xxx.xxx has changed and you have requested strict checking.
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(601) [sender=3.0.8]
I've removed authorized_keys file from /home/user/.ssh.

Use the following command, which removes the old keys from the .ssh/known_hosts file:
ssh-keygen -R <host>

The message says "/root/.ssh/known_hosts" not authorized_keys.
Remove that file (or at least the corresponding key) from it and you can go again! But be aware that: There must be a reason why the key changed. Was the system reinstalled? Make sure you check that or the whole idea of ssh is void.
BTW.: Is there a reason you ssh as root?

The message does explain itself:
The remote host identified itself with a key
Your previous copy of the key for that host is different
So there is a chance that the remote host is not who they say they are
If you trust the remote host, you can delete line 8 from your /root/.ssh/known_hosts and ssh will ask you if it can add the new key next time you try to connect
If you don't trust the remote host, you have to contact the host administrators to find out if and why they changed ssh keys. If they haven't, it means your traffic is being intercepted.
On the other hand, if you really really trust the remote host (eg it is on an intranet), you can run ssh with
-oBatchMode=yes -oStrictHostKeyChecking=no

You can use sed to remove the offending key at line 8 from your known_hosts file:
sed -i -e 8d /root/.ssh/known_hosts

Just do this:
mv .ssh/known_hosts .ssh/known_hosts_old

Related

SSHing to raspberry pi returns "middle man attack" [closed]

Closed 1 year ago.
I am trying to SSH to my raspberry pi which is connected under the same router as my computer. It is running the latest version of raspbian lite. I enabled the ssh service on the pi using the command: systemctl enable ssh. However when I try to SSH to my raspberrypi from my personal computer, I get this message:
fahd@Fahd-PC:~$ ssh pi@192.168.1.23
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:***************************************************
Please contact your system administrator.
Add correct host key in /home/fahd/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/fahd/.ssh/known_hosts:1
remove with:
ssh-keygen -f "/home/fahd/.ssh/known_hosts" -R "192.168.1.23"
ECDSA host key for 192.168.1.23 has changed and you have requested strict checking.
Host key verification failed.
fahd@Fahd-PC:~$
And I'm not entirely sure whether this is something real I should be worried about or just me not knowing how to use SSH properly.
For some reason, your terminal has a different key in storage for your Pi. This can be due to several reasons (for example, the ssh package was updated and the SSH host key re-generated on the Pi. Or you changed the IPs on your network. Or you have DHCP and two different clients, and you got the addresses swapped. Or...).
So, it warns you.
Unless you have reasons to believe otherwise, I'd just follow the suggestion:
remove with:
ssh-keygen -f "/home/fahd/.ssh/known_hosts" -R "192.168.1.23"
This message informs you that the RSA keys on the device have changed. It happens when:
you reinstall the OS on the device
you generate new / remove old RSA keys
someone is trying to do a MITM attack (very rare these days)
How to fix it:
Remove saved information about raspberry pi host
sudo vim ~/.ssh/known_hosts
or
sudo vim /etc/ssh/known_hosts
Use ssh-keygen
ssh-keygen -R host_ip
or
ssh-keygen -R host_ip -f path_to_known_hosts
Remove known_hosts
If you have only one host in "known_hosts" file you can just remove it.
sudo rm .ssh/known_hosts

Centos SSH access denied [closed]

Closed 4 years ago.
I'm pulling my hair out over this and can't find a solution anywhere.
After a reboot I started getting "Connection refused" through port 22000, which was the one I had configured and SSH was still listening to (I double-checked). I'm connecting from a PC on the same LAN.
I could connect to port 22 suddenly after that but there I got "Access denied" after entering my password. After troubleshooting this I got tired and reinstalled openssh, with that I got a clean config and everything including the firewall and selinux is now configured to use port 22 with these commands:
sudo semanage port -a -t ssh_port_t -p tcp 22
sudo firewall-cmd --permanent --zone=public --add-port=22/tcp
sudo firewall-cmd --reload
Still access denied even though it's the correct password, I know since I can use the exact same directly on the server.
I have tried:
Putting "PermitRootLogin yes" in the sshd_config and login with root but that is also denied, same with a new test account I made. I removed "AllowUsers [username]" from the config before this.
Restarted the SSH service and rebooted as well several times.
The solution here to no avail: Centos 7 Remote SSH access denied
Setting selinux to "Permissive"
Disabling the firewall
Changing password to one without special characters
Triple checking that the SSH service is running
Neither "/var/log/secure" nor "/var/log/messages" log anything regarding my attempts to login.
I must have missed something, anyone have any ideas what?
Use: ssh -vvv username@host to check the issue.
Try creating a pem file and see if it works.
I solved it and I really don't want to post the answer since it was embarrassingly easy, but I refuse to leave the question unsolved for the poor souls with similar problems.
I rebooted my PC.... facedesk

Adding an RSA key without overwriting [closed]

Closed 4 years ago.
I want to generate a set of keys for a home server that I would like to SSH into, so I do ssh-keygen -t rsa, but then I get a message: id_rsa already exists. Overwrite (y/n)?
Well, I don't want to overwrite because the keys I have now I use to SSH into my university's servers, and it would be a pain to have to do all that junk again every time I wanted to switch. Is there an easy way to append the keys?
I tried following a tutorial (which I cannot find) that suggested something about using the cat command, but I am pretty lost. It seems like the solution is something very simple that I'm just not seeing.
You can achieve this by using a config file in your home directory under the .ssh directory:
Generate your key as usual:
ssh-keygen -t rsa
Don't overwrite the default (usually id_rsa). Instead, create a new name. This will create a separate file with your key.
In ~/.ssh create a config file with the following content:
# Use an asterisk for all hosts, or name a specific host
Host *
  AddKeysToAgent yes
  UseKeychain yes
  # Path to your key, e.g. ~/.ssh/yourKey
  IdentityFile <key>
The key is now added to the keychain and can be used!
--
You can use multiple IdentityFiles in your config (Mac example):
Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa_private_server
  IdentityFile ~/.ssh/id_rsa_github
  IdentityFile ~/.ssh/id_rsa_work_server
You can use the same public key on both servers. If you don’t want to do that, just specify a different location than ~/.ssh/id_rsa when ssh-keygen prompts you before that, and use it with an agent:
% ssh-agent sh # Replace with your favourite shell.
$ ssh-add ~/.ssh/id_rsa_2
$ ssh somewhere
$ exit
%
ssh-agent can also be used without starting a new shell as eval $(ssh-agent).
I had the same problem as you and I solved it.
In the terminal is:
"Enter file in which to save the key (/home/you/.ssh/id_rsa): "
Instead of hitting Enter or writing /home/you/.ssh/id_rsa, you write /home/you/.ssh/id_rsa1.
If I remember correctly, I fixed this problem by uninstalling Cygwin and using the command line instead.
You could do as minitech suggested and use the same SSH public key on both servers. To do so, open the file ~/.ssh/id_rsa.pub in your text editor, copy the contents of the file exactly without adding any new spaces or newlines, and add this to the server you want to connect to. If your user name on the server is "user" at IP address 123.45.56.78, use the command "ssh-copy-id user@123.45.56.78", or you can use:
cat ~/.ssh/id_rsa.pub | ssh user@123.45.56.78 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

SSH tunnel with rsa identity without passphrase [closed]

Closed 8 years ago.
I created a key pair with the command
ssh-keygen -t rsa -N "" -f "C:\ssh2\id_rsa"
Afterwards I tried to connect to the remote server with the command
ssh -2 -Nv -L 81:192.168.45.12:8989 proxy@host.ru -p 10022 -i "C:\ssh2\id_rsa"
And it all ended with the server requiring a passphrase:
Enter passphrase for key 'C:\ssh2\id_rsa':
But I created key pair without passphrase (-N ""). Why does it require passphrase?
The command issued specified "" - an empty string! - as the passphrase, not generation with no passphrase. (Simply hit "enter" when prompted for the passphrase and voilà!)
To generate a key without any passphrase, do not specify the optional -N (passphrase) option when creating a new key or when requesting to change the passphrase (see -p) ..
.. and may the foil-hat gnomes be merciful to you.
I understand that the connection happens, but if I press the Enter key, the console shows me
debug1: No more authentification methods to try
Permission denied (publickey, hostbased)

ssh remote host identification has changed [closed]

Closed. This question is not about programming or software development. It is not currently accepting answers.
Closed 5 months ago.
I've reinstalled my server and I am getting these messages:
[user@hostname ~]$ ssh root@pong
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
6e:45:f9:a8:af:38:3d:a1:a5:c7:76:1d:02:f8:77:00.
Please contact your system administrator.
Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for pong has changed and you have requested strict checking.
Host key verification failed.
I have tried various solutions that I found on the Internet. My known_hosts file (normally in ~/.ssh/known_hosts) is in /var/lib/sss/pubconf/known_hosts. I've tried to edit it, but it remains in one state. I have installed ipa-client and have Fedora 19. How do I resolve this warning?
All the answers given so far work only if you do not have FreeIPA installed.
The right answer for freeipa in comments below from adrin is here.
Here is the simplest solution:
ssh-keygen -R <host>
For example,
ssh-keygen -R 192.168.3.10
From the ssh-keygen man page:
-R hostname Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts (see the -H option above).
Use
ssh-keygen -R [hostname]
Example with an ip address/hostname would be:
ssh-keygen -R 168.9.9.2
This will update the offending entry for your host in known_hosts. You can also provide the path of the known_hosts file with the -f flag.
I had this same error occur after I recreated a Digital Ocean Ubuntu image. I used the following command with my server IP in place of [IP_ADDRESS]
ssh-keygen -R [IP_ADDRESS]
The sledgehammer is to remove every known host in one fell swoop:
rm ~/.ssh/known_hosts
On Monterey
sudo rm /var/root/.ssh/known_hosts
I come up against this as we use small subnets of short-lived servers from a jump box, and frequently have internal IP address reuse of servers that share the same ssh key.
When you reinstall the server its identity changes, and you'll start to get this message. Ssh has no way of knowing whether you've changed the server it connects to, or a server-in-the-middle has been added to your network to sniff on all your communications - so it brings this to your attention.
Simply remove the key from known_hosts by deleting the relevant entry:
sed '4d' -i /var/lib/sss/pubconf/known_hosts
The 4d is on the account of Offending RSA ...known_hosts:4
The problem is that you've previously accepted an SSH connection to a remote computer and that remote computer's digital fingerprint or SHA256 hash key has changed since you last connected. Thus when you try to SSH again or use github to pull code, which also uses SSH, you get an error. Why? Because you're using the same remote computer address as before but the remote computer is responding with a different fingerprint. Therefore, it's possible that someone is spoofing the computer you previously connected to. This is a security issue.
If you're 100% sure that the remote computer isn't compromised, hacked, being spoofed, etc then all you need to do is delete the entry in your known_hosts file for the remote computer. That will solve the issue as there will no longer be a mismatch with SHA256 fingerprint IDs when connecting.
On Mac here's what I did:
1) Find the line of output that reads RSA host key for servername:port has changed and you have requested strict checking. You'll need both the servername and potentially port from that log output.
2) Back up the SSH known hosts file cp /Users/yourmacusername/.ssh/known_hosts /Users/yourmacusername/.ssh/known_hosts.bak
3) Find the line where the computer's old fingerprint is stored and delete it. You can search for the specific offending remote computer fingerprint using the servername and port from step #1. nano /Users/yourmacusername/.ssh/known_hosts
4) CTRL-X to quit and choose Y to save changes
Now type ssh -p port servername and you will receive the original prompt you did when you first tried to SSH to that computer. You will then be given the option to save that remote computer's updated SHA256 fingerprint to your known_hosts file. If you're using SSH over port 22 then the -p argument is not necessary.
Any issues you can restore the original known_hosts file: cp /Users/yourmacusername/.ssh/known_hosts.bak /Users/yourmacusername/.ssh/known_hosts
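The checks the answers above describe in words (find the stored entry for the server name and port, then confirm the new fingerprint before deleting anything), as an added Python example that is not part of any answer on this page. The known_hosts sample and key blobs are constructed, and the function names are hypothetical; it goes beyond the plain case by also matching hashed entries and the [host]:port form.

```python
import base64, hashlib, hmac, re

def host_token(host, port=22):
    """Name as ssh stores it: bare for port 22, '[host]:port' otherwise."""
    return host if port == 22 else f"[{host}]:{port}"

def hosts_field_matches(field, token):
    """Match a known_hosts host field: hashed (|1|salt|hash) or a name list."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), token.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    for pattern in field.split(","):  # '*' and '?' wildcards; '!' negation not handled
        rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, token):
            return True
    return False

def fingerprints(b64key):
    """Return (SHA256 form, legacy MD5 colon-hex form) of a base64 key blob."""
    blob = base64.b64decode(b64key)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def stored_keys(known_hosts_text, host, port=22):
    """List (line number, key type, sha256 fp, md5 fp) stored for host:port."""
    token, found = host_token(host, port), []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if hosts_field_matches(parts[0], token):
            found.append((lineno, parts[1], *fingerprints(parts[2])))
    return found

def decide(known_hosts_text, host, port, presented_fp, trusted_fp):
    """presented_fp: fingerprint printed in the warning. trusted_fp: fingerprint
    obtained out of band (server console, administrator), or None if unknown.
    Returns (verdict, line numbers of stale entries)."""
    stored = stored_keys(known_hosts_text, host, port)
    if any(presented_fp in (sha, md5) for _, _, sha, md5 in stored):
        return "unchanged", []
    if trusted_fp is not None and presented_fp == trusted_fp:
        return "replace", [n for n, *_ in stored]
    return "do-not-connect", []

def sample_blob(keytype, seed):
    """Constructed stand-in for a public key blob (not a real host key)."""
    return base64.b64encode(keytype.encode() + bytes([seed]) * 32).decode()

def hashed_field(token, salt=b"constructed-salt-20b"):
    """Build a hashed host field the way 'ssh-keygen -H' stores it."""
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

SAMPLE = "\n".join([  # constructed known_hosts content
    "# constructed known_hosts",
    f"pong,192.168.3.10 ssh-rsa {sample_blob('ssh-rsa', 1)}",
    f"[localhost]:2222 ecdsa-sha2-nistp256 {sample_blob('ecdsa-sha2-nistp256', 2)}",
    f"{hashed_field('192.168.1.23')} ssh-ed25519 {sample_blob('ssh-ed25519', 3)}",
])

if __name__ == "__main__":
    new_fp = fingerprints(sample_blob("ssh-rsa", 9))[0]  # key the reinstalled host presents
    print(decide(SAMPLE, "pong", 22, new_fp, trusted_fp=new_fp))
    print(decide(SAMPLE, "pong", 22, new_fp, trusted_fp=None))
```

Only a "replace" verdict lists lines to delete; with no out-of-band fingerprint to compare against, the changed key is reported as "do-not-connect".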
As many have already said, use ssh-keygen, i.e.
ssh-keygen -R pong
Also, you may like to consider temporarily turning off host key checking:
ssh -oStrictHostKeyChecking=no root@pong
Works for me!
Error: Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
This indicates you have an offending RSA key at line no. 4
Solution 1:
1. vi /var/lib/sss/pubconf/known_hosts
2. remove line no: 4.
3. Save and Exit, and Retry.
Solution 2:
ssh-keygen -R "your server hostname or ip"
OR
Solution 3:
sed -i '4d' /root/.ssh/known_hosts
This will remove 4th line of /root/.ssh/known_hosts in place(-i).
I used the solution of mockinterface, though the sed -i didn't quite work
I solved it by deleting the line by hand with vim:
sudo vim /var/lib/sss/pubconf/known_hosts
You can use any other text editor you want, but probably you'll need to show your administrative privileges
FINAL Solution!
It is showing due to the stored invalid ECDSA key. So we have to remove the ECDSA key from our master/controller machine by using the below command:
ssh-keygen -R 192.168.0.132
Here 192.168.0.132 is the remote system IP.
Edit /home/hostname /.ssh/known_hosts,and delete the 4 lines, and save it.
Then run ssh root@pong again, you will see message like this: Are you sure you want to continue connecting (yes/no)? yes, just print yes.
Note: If you got some problem, read the hints first, it will help.
The other answers here are good and working, anyway, I solved the problem by deleting ~/.ssh/known_hosts. This certainly solves the problem, but it's probably not the best approach.
updated your ssh key, getting the above message is normal.
Just edit ~/.ssh/known_hosts and delete line 4, as the message pointed you
Offending RSA key in /Users/isaacalves/.ssh/known_hosts:4
or use ssh-keygen to delete the invalid key
ssh-keygen -R "your server hostname or ip"
This is because your remote computer settings have changed. Remove your current keys for that.
vim /root/.ssh/known_hosts
Delete the line of the IP you are connecting.
In my case it happened because I previously had ssh connection with a machine with same ip(say 192.152.51.10) and the system was considering the RSA key(stored in /home/user_name/.ssh/known_hosts) of the previous host which resulted in mismatch.
To resolve this issue, you have to remove previously stored RSA key for the ip 192.152.51.10.
ssh-keygen -f "/home/user_name/.ssh/known_hosts" -R 192.152.51.10
Simple one-liner solution, tested on mac:
# -i.bak edits the file in place and keeps the original as known_hosts.bak
sed -i.bak '/212\.156\.48\.110/d' ~/.ssh/known_hosts
Deletes only the target ssh host IP from known hosts.
where 212.156.48.110 is replaced by the target host IP address.
Cause: Happened because the target IP was already known for a different machine due to port forwarding. Deleting the target IP before connecting will fix the issue.
I use PowerShell in Windows 10 for ssh.
My problem was in the Windows directory: C:\Users\youruser\.ssh
Delete the file known_hosts in that directory to forget the old value.
You may also use File Explorer to locate and delete the file.
If you are trying to connect to running docker container on port 2222 with the command and you get the error
mian@tdowrick2~$ ssh pos@localhost -p 2222
Then to solve this problem, on your local computer (i.e. host machine not container) go to cd ~/.ssh/ and open known_hosts file with text editor. Remove the line starting with [localhost]:2222 and save the file. Now try to ssh again
mian@tdowrick2~$ ssh pos@localhost -p 2222
The error will disappear, but you have to do it each time the container restarts.
My solution is:
vi ~/.ssh/known_hosts
Delete the line that contains the IP you want to connect to.
This is better than deleting all of known_hosts.
Remove the entry from known_hosts using:
ssh-keygen -R *ip_address_or_hostname*
This will remove the problematic IP or hostname from known_hosts file and try to connect again.
From the man pages:
-R hostname
Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts (see the -H option
above).
Sometimes, if for any reason you need to reinstall a server, when connecting by ssh you will find that the server says that the identification has changed.
If we know that it is not an attack, but that we have reinstated the system, we can remove the old identification from the known_hosts using ssh-keygen:
ssh-keygen -R <host/ip:hostname>
root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
When connecting again you will be asked to validate the new fingerprint:
ssh -l user <host/ip:hostname>
The authenticity of host '<host/ip:hostname>' can't
be established.
RSA key fingerprint is 3f:3d:a0:bb:59:24:35:6d:e5:a0:1a:3f:9c:86:81:90.
Are you sure you want to continue connecting (yes/no)? yes
Use this command:
truncate -s 0 /home/SYSTEM_NAME/.ssh/known_hosts
I had this problem, and the reason is very simple: I had a duplicated IP address for ssh login, so after fixing this problem, everything is solved.
Client-side problem only (duplicate key for an IP):
Ways to solve it:
To clear one IP (default port 22):
ssh-keygen -R 7.7.7.7
For one IP (non-default port):
ssh-keygen -R "[7.7.7.7]:333"
Quickly clear all IPs:
cd ~; rm .ssh/known_hosts
7.7.7.7 - the IP of the server you connect to via ssh
333 - non-standard port
Just do:
cd /home/user/.ssh/ -> here user will be your username, i.e. /home/jon/ for example.
Then
gedit known_hosts & and delete the contents inside it.
Now ssh again, it should work.
I had the same error in my machine, and I clear the known_hosts file, and after that, it works fine.
Simply clear the known_hosts which is present in /home/{username}/.ssh/known_hosts
vi /home/{username}/.ssh/known_hosts
remove every line inside known hosts and exit after that you will be able to login.
OR
run this command
ssh-keygen -R "hostname/ip_address"
SOLUTION:
1- delete from "$HOME/.ssh/known_hosts" the line referring to the host towards which is impossible to connect.
2- execute this command: ssh-keygen -R "IP_ADDRESSorHOSTNAME" (substitute "IP_ADDRESSorHOSTNAME" with your destination ip or destination hostname)
3- Retry ssh connection (if it fails please check permission on .ssh directory, it has to be 700)
My solution on UBUNTU (linux):
1.You have to delete the content from "known_hosts" file which is in "/home/YOUR_USERNAME/.ssh/known_hosts"
2.Generate a new ssh key like "ssh-keygen -t rsa -C "your.email@example.com" -b 4096"
3.Copy-paste your new ssh key in your git repository (gitlab in my case) SSH keys.
It works for me !
AWS EC2.
Find the ip in the message it gives you.
run
vim /home/ec2-user/.ssh/known_hosts
Use the arrow keys to find the ip from the message and click.
dd
This will delete that line then run escape
:wq
This will save then you are good to go.