Wednesday, March 13, 2013

host key verification failed - fixed

When connecting to EC2 via ssh, you need to use authorized keys and correct username. When the attempt failed, you can't connect again even if you have the correct details.

The error looks like below:



@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for ec2-12-345-67-89.ap-southeast-1.compute.amazonaws.com has changed,
and the key for the corresponding IP address 12.345.67.89
has a different value. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /root/.ssh/known_hosts:27
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
9a:1e:a5:82:12:23:a6:b7:63:d9:e0:12:0c:12:b2:02.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:38
RSA host key for ec2-12-345-67-89.ap-southeast-1.compute.amazonaws.com has changed and you have requested strict checking.
Host key verification failed.





Solution:
You need to remove the offending key from known hosts.

Console:
ssh-keygen -R hostname

Example:
ssh-keygen -R ec2-11-234-56-78.ap-southeast-1.compute.amazonaws.com





No comments:

Post a Comment