SSH “Host key verification failed” error

There is an annoying error which you get when you want to connect to the same IP via SSH but the server authentication key has been changed and you computer does not accept the risk to connect with a key other than the one you have used before.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for ras.mydomain.com has changed and you have requested strict checking.
Host key verification failed.

This can happen when you install a new OS on the server (or what ever you are trying to connect with via SSH) or if you have completely change the device on the other end (which is also the same case as changing the OS). This error is basically for your own security and safety but it annoys anyway 😀

In this article i’m going to explain few ways to resolve the issue:

There are two ways of doing this and they almost does the same thing:

  • Remove the one key you have problem with from client (Recommended)
  • Clear the whole key collection (NOT recommended !!)
  • Adding the new key to your known_hosts (a bit more technical but not scary 😉 )

N.B: The first way is absolutely recommended since these keys are useful for your safety and secure connection to other remote computers that you have previously connected with.

So lets assume that I wanted to connect to my remote computer using the following command

(by IP):

ssh nixsos@192.168.1.100

(or by hostname):

ssh nixsos@my.precious.server

now lets see the solutions:

Remove the one key you have problem with from client (Recommended)

Since we already know some information from our remote computer such as IP or hostname, we can use this info to specify the key and remove that specifically:

ssh-keygen -R 192.168.1.100

or

ssh-keygen -R my.precious.server

 

 

Clear the whole key collection (NOT recommended !!)

This way clears every key you have, so this is only recommended for those who don’t use SSH often and they occasionally want to connect to one server to get something done, so use it wisely!

cd
rm -f .ssh/known_hosts

 

 

Adding the new key to your known_hosts (a bit more technical but not scary 😉 )

In this case you are going to edit the file that stores all the keys your computer have been collected. For this you should:

  1. Open the known_hosts with some sort of text editor (See this post)
  2. Identify the key that you wish to change
  3. Delete the old key and insert the new one
  4. Save the known_hosts

to open the know_hosts file:

cd
nano -wS .ssh/known_hosts

then you will see some lines as below:

linux.ut,130.232.203.60 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEhJnF$
github.com,204.231.175.95 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAA$
192.168.1.100 ssh-dss AAAAB3NzaC1kc3MAAACBAIJIJzXy9YecBkIOiT3JtH$
binf.co.com,153.1.249.16 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAMU$
taito.csc.fi,86.50.166.10 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQERc$
hippu.csc.fi,193.166.7.98 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAAsMz$
sisu.csc.fi,86.50.166.22 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAAuvh8$
172.1.1.28 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD5aZvphI76FE$

As you can see each line has four parts: hostname, IP, key type, the key (the gibberish long part in the right side of each line). the first part is optional so occasionally some lines does not have hostname.

At this point you should find the line you wish to modify either by hostname or IP, and then you should erase the key and replace it with the new one. to do so you can copy and paste the hostname, IP and key type in a new line, paste your new key and remove the old line by Ctrl+k, or you can navigate to the end of the line you want to modify by pressing Ctrl+e and use backspace to delete the key character by character which will take relatively a long time and then paste the new key.

Finally you should save what you have done to apply changes, in nano text editor you should press Ctrl+x and then press y and after that Enter.

 

 

Hope you have solved the issue and learnt few things from this article 😀

Cheers.

Leave a Reply

Your email address will not be published. Required fields are marked *

This is new type of CAPTCHA, make the puzzle please !WordPress CAPTCHA