[clue] A cleaner way to get rid of out-of-date ssh keys
David L. Willson
DLWillson at TheGeek.NU
Wed Oct 17 10:34:42 MDT 2012
ssh-keygen -R (hostname)
and/or
ssh-keygen -R (ip-address)
Example:
dlwillson at dwillson-nb-1:1/~ 10:30:51
$ ssh dwillson-nb-3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for dwillson-nb-3 has changed,
and the key for the corresponding IP address 192.168.6.105
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
3c:30:82:e2:43:bd:db:a5:a2:32:70:c4:31:0e:ce:10.
Please contact your system administrator.
Add correct host key in /home/dlwillson/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/dlwillson/.ssh/known_hosts:166
RSA host key for dwillson-nb-3 has changed and you have requested strict checking.
Host key verification failed.
dlwillson at dwillson-nb-1:1/~ 10:30:56
$ ssh-keygen -R dwillson-nb-3
/home/dlwillson/.ssh/known_hosts updated.
Original contents retained as /home/dlwillson/.ssh/known_hosts.old
dlwillson at dwillson-nb-1:1/~ 10:31:10
$ ssh-keygen -R dwillson-nb-3
/home/dlwillson/.ssh/known_hosts updated.
Original contents retained as /home/dlwillson/.ssh/known_hosts.old
dlwillson at dwillson-nb-1:1/~ 10:31:13
$ ssh dwillson-nb-3
The authenticity of host 'dwillson-nb-3 (192.168.6.105)' can't be established.
ECDSA key fingerprint is 7f:00:b4:19:3a:cb:89:a5:ff:09:85:8c:9f:cc:8a:97.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dwillson-nb-3,192.168.6.105' (ECDSA) to the list of known hosts.
sudavidw at dwillson-nb-3's password:
--
David L. Willson
Trainer, Engineer, Enthusiast
RHCE Network+ A+ Linux+ LPIC-1 Ubuntu
Mobile 720-333-LANS(5267)
This is a good time for a r3VOLution.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue/attachments/20121017/3c86f273/attachment-0001.html
More information about the clue
mailing list