4

I'm receiving the wonderful "The authenticity of host xx can't be established." message when attempting to SSH into a box. I have two systems that recently swapped names. My system is a RHEL5.6 box.

System X with IP xx
System Y with IP yy
Changed to System X with IP yy, system Y with IP xx.
(hope that's easy enough to explain what we did)

I removed both systems from my .ssh/known_hosts file (and verified neither IP is listed anywhere), but when I SSH into one of them, it still shows the IP of the original name. The other system works no problem, but it appears that there is a cache somewhere that still has the old information.

I've completely cleared the known_hosts file, as well as rebooted the system, in an attempt to clear the problem, but with no luck.

Any ideas? I'm stumped! This is only happening on my system, nobody else has a problem.

Update: I had already removed the offending keys from the file. I had also completely erased the known_hosts file. It still happens. There is nothing different in the configuration of the .ssh than any other account. And if it was an error in the .ssh files, it would affect other ssh connections as well. But the other system that had swapped names with this one does NOT give this problem. It works correctly. It is only one of the two systems having the problem. The box has been reloaded twice since this change as well. So I know it's not the server itself.

I found out that my coworker is also having the same issue now, with the same box. And only this one box.

So if our DNS zone files are correct, where could this possibly be coming from? Neither system involved in this change has the old information in it. Our DNS looks clean. Our accounts do not reference the old info. tracert shows the old IP with the name, as does ping, and then ssh. But an nslookup using forward or reverse comes back correct. Kinda frustrating.

DMA57361
Chris

4 Answers

3

It sounds like you are getting the standard message for an unknown host. As you have removed the keys from the known hosts file this is expected. If you accept the key, then you should not be prompted on future connections to the same host.

If ssh is encrypting the address, SSH keeps two keys, one by IP and the other by name. Try removing the IP addresses. As PriceChild has noted you should get a message specifying the offending line in the known_hosts files. You could try removing the IP addresses from the known hosts files using ssh-keygen -R yy and ssh-keygen -R xx.

BillThor
1

Here's an example of my own ssh connection failing host key verification:

[user@host path]$ ssh hostname
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for pricey-host has changed,
and the key for the according IP address 192.168.32.21
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/nagios/.ssh/known_hosts:4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
2e:61:87:cd:e6:e0:08:72:84:ea:80:56:19:12:62:89.
Please contact your system administrator.
Add correct host key in /home/nagios/.ssh/known_hosts to get rid of this message.
Offending key in /home/nagios/.ssh/known_hosts:15
RSA host key for pricey-host has changed and you have requested strict checking.
Host key verification failed.

The important line is 'Offending key in /home/nagios/.ssh/known_hosts:15'. That tells you the exact file and the line number. Do you not see this message?

If it isn't the same as the above, perhaps you could post your exact error and I'll refine my answer, perhaps suggesting ssh -v.

Pricey
1

Here is the solution for your problem:

Use the -R option to remove all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts. If your remote hostname is server.example.com, enter:

$ ssh-keygen -R {server.name.com}
$ ssh-keygen -R {ssh.server.ip.address}
$ ssh-keygen -R server.example.com

Sample output:

/home/vivek/.ssh/known_hosts updated.
Original contents retained as /home/vivek/.ssh/known_hosts.old

You can check out this link too for more information: SSH Host Key Change Error
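
Why `ssh-keygen -R` is needed for hashed hosts, and why searching known_hosts for an IP can come up empty: the sketch below is an added example, not code from any of the answers. It matches a name or IP against both plain (`name,ip`) and hashed (`|1|salt|hash`, HMAC-SHA1 keyed with the salt) host fields. The host names, addresses, key blob and fixed salt are constructed for illustration, and wildcard and `[host]:port` patterns are not handled.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())

def field_matches(field, host):
    """True if one known_hosts host field names `host` (plain list or hashed)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return host in field.split(",")  # plain entry such as "name,ip"

def find_entries(known_hosts_text, host):
    """Return the 1-based line numbers whose host field matches `host`."""
    hits = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0].startswith("@"):  # @cert-authority / @revoked marker
            tokens = tokens[1:]
        if tokens and field_matches(tokens[0], host):
            hits.append(lineno)
    return hits

# Constructed sample file: placeholder key blob, fixed salt for repeatability
# (a real client picks a random salt for every hashed entry).
KEY = "ssh-rsa AAAAB3NzaC1yc2E="
SALT = bytes(range(20))
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "sysx,192.0.2.10 " + KEY,                 # plain: name and IP on one line
    hash_host("sysy", SALT) + " " + KEY,       # hashed name
    hash_host("192.0.2.20", SALT) + " " + KEY, # hashed IP, separate line
]) + "\n"

if __name__ == "__main__":
    print("text search finds 192.0.2.20:", "192.0.2.20" in SAMPLE)
    for target in ("sysx", "192.0.2.10", "sysy", "192.0.2.20"):
        print(target, "-> lines", find_entries(SAMPLE, target))
```

The hashed name and the hashed IP sit on separate lines, so both have to be looked up (and removed) individually.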

0

I had this same problem after I changed the IP address of one of the servers monitored by Nagios3, and since the nagios user does not have a .ssh folder, there are no known_hosts to remove... this is on Debian.

So the solution turned out to be quite simple: go to the server you are trying to monitor and restart the NRPE server. On Debian I do it like this:

/etc/init.d/nagios-nrpe-server restart

and, that solved the problem right away.

Sverre