Monday, March 8, 2010

[SOLVED] RSA host key has changed

I've run into the "RSA host key for has changed" issue is a couple times in the past few months as we have a few servers whose IP addresses have changed.
jmiranda@jmiranda-laptop:~$ ssh www.example.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED!
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for www.example.com has changed,
and the key for the corresponding IP address 12.34.56.78
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:77:88:99:00.
Please contact your system administrator.
Add correct host key in /home/jmiranda/.ssh/known_hosts to get rid of this message.
Offending key in /home/jmiranda/.ssh/known_hosts:2
RSA host key for www.example.com has changed and you have requested strict checking.
Host key verification failed.
I've wasted a few minutes Googling the solution each time, so I'm adding a blog entry for it now so that I have a reference to the solution next time it happens.
jmiranda@jmiranda-laptop:~$ ssh-keygen -R www.example.com
/home/jmiranda/.ssh/known_hosts updated.
Original contents retained as /home/jmiranda/.ssh/known_hosts.old

1 comment:

Rob said...

This worked. Thanks!