skip to content »

cmykalka.ru

Ssh knownhosts not updating

ssh knownhosts not updating-76

If you do suspect foul play discuss the issue with the host admin as soon as possible.Hopefully at this point you have reasonable certainty that the error isn’t related to something malicious so you can get back to correcting the offending key your client has been warning you about.

ssh knownhosts not updating-75ssh knownhosts not updating-43

The very first time you log into a new host you will be asked to verify that the system is the one you intended to access.If you answer no, the login process stops and you are given a simple error message.If you answer yes, the login process continues and your client will acknowledge the host and after a brisk handshake the client will store the host key locally in your ~/.ssh/known_hosts file if the file exists or create one for you if it doesn't.Before jumping ahead and skipping the verification or messing with your known_hosts file you really should contact the administrator for the host system and verify that the key has indeed changed for a valid reason.They should also be able to provide you with the fingerprint for their new host key so you can compare it to the key your client displayed in the identification error message.The remote system will send its host key to your client as part of their handshake and your client will ask you to verify the host key fingerprint before continuing the login process.

It sounds complicated, but you don’t have to worry about it! Here’s an example of what you should see on that first attempt (this will vary based on your OS).

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

The authenticity of host '[example.com]:22 ([10.2.139.23]:22)' can't be established.

RSA key fingerprint is 8c:5b:5e:69:a:f5:7d:4a:9a:d3:4c:fe:3f:43. Are you sure you want to continue connecting (yes/no)?

Currently the client trusts the key it has stored and not this new suspect key being presented by the host.