Removing SSH Keys under OS X

I love setting up new servers! It's one of my favorite things to do - deployment is beyond enjoyable for me! However, since I access a lot of different images on the same IP via SSH, it can get a bit tricky at times.

When reimaging a server (say the server originally ran Ubuntu and I SSHed into it, then later decided I want it to run Debian), the fresh install presents a new RSA host key that no longer matches the one saved in our known_hosts file, so SSH will throw an error every time we try to connect.

The error

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for hostname.domain.net has changed,
and the key for the corresponding IP address 127.0.0.1
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
00:0a:a0:00:00:aa:a0:a0:00:aa:0a:00:a0:00:a0:a0.
Please contact your system administrator.
Add correct host key in /Users/username/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/username/.ssh/known_hosts:2
RSA host key for hostname.domain.net has changed and you have requested strict checking.
Host key verification failed.

Remove the hostname

Input

ssh-keygen -R hostname.domain.net

Output

ssh-keygen -R Hostname.domain.net
Host hostname.domain.net found: line 2 type RSA
/Users/username/.ssh/known_hosts updated.
Original contents retained as /Users/username/.ssh/known_hosts.old

Or...

Input

ssh-keygen -R 127.0.0.1

Output

Host hostname.domain.net found: line 2 type RSA
/Users/username/.ssh/known_hosts updated.
Original contents retained as /Users/username/.ssh/known_hosts.old

The solution working

ssh user@hostname.domain.net
user@hostname.domain.net's password: 
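
Before removing an entry, it helps to see which saved keys conflict and to confirm the new key against a fingerprint read from a trusted source such as the server's console. The following is an added example, not code from the original post: it lists the known_hosts entries (plain or hashed host names) that no longer match the key a host presents, and computes the MD5 and SHA256 fingerprints that SSH displays. The key blobs, salt and function names are constructed for illustration.

```python
import base64, hashlib, hmac

def fingerprints(key_b64):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a public key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def host_matches(field, host):
    """Match a known_hosts host field: hashed (|1|salt|hmac) or exact names."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")  # wildcards and [host]:port are not handled

def stale_entries(known_hosts_text, host, presented_key_b64):
    """List (line number, key type, stored MD5 fingerprint) of entries for
    `host` whose stored key differs from the key the server now presents."""
    stale = []
    for number, line in enumerate(known_hosts_text.splitlines(), start=1):
        parts = line.split()
        if len(parts) < 3 or line.startswith(("#", "@")):
            continue  # blank, comment, or @cert-authority/@revoked marker line
        field, key_type, key_b64 = parts[:3]
        if host_matches(field, host) and key_b64 != presented_key_b64:
            stale.append((number, key_type, fingerprints(key_b64)[0]))
    return stale

def verified(presented_key_b64, trusted_fingerprint):
    """True only if the presented key matches a fingerprint obtained out of band."""
    return trusted_fingerprint in fingerprints(presented_key_b64)

# Constructed sample data: these blobs are placeholders, not real host keys.
OLD_KEY = base64.b64encode(b"constructed old host key").decode()
NEW_KEY = base64.b64encode(b"constructed new host key").decode()
SALT = b"constructed-salt"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(
    hmac.new(SALT, b"127.0.0.1", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = "\n".join([
    "other.domain.net ssh-rsa " + NEW_KEY,
    "hostname.domain.net ssh-rsa " + OLD_KEY,
    HASHED + " ssh-rsa " + OLD_KEY,
])

if __name__ == "__main__":
    for entry in stale_entries(KNOWN_HOSTS, "hostname.domain.net", NEW_KEY):
        print("stale entry:", entry)
```

Only once `verified` returns True for the fingerprint you read from the trusted source is it reasonable to drop the stale line and accept the new key.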

OS X Specific workaround

I use a MacBook Pro, and while using the command line is typically the quickest and easiest way for me to do things, it may not be the same for you.

The easiest way to do this on OS X is as follows:

In the event that these image files are no longer working, here is a text breakdown:

  • Open Finder.
  • In the top taskbar select Go.
  • Type in ~/.ssh/
  • Delete the "known_hosts" file(s). This discards the saved keys for every host, not just the reimaged one.
  • Attempt to SSH into the server again.

Knowing exactly how to do this has saved me so much time over the years - hopefully you can add this to your memory bank and never have to scratch your head over this issue again!
