What to Do When a Remote Machine's Key Has Changed

Questions Addressed

  • What do I do if a remote machine's key has changed?


If steps are not taken to preserve host keys after an operating system upgrade, or if a new host has taken the IP address of an existing host, you may encounter the following message. If you have SSHed into the machine before the key change, you will not be able to SSH into it again until you remove the old key and replace it with the new one. This is the message you would receive:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Someone could be eavesdropping on you right now(man-in-the-middle attack)
It is also possible that the RSA host key has been changed.
The fingerprint for the RSA key sent by the remote host is
md5 33:56:db:62:15:04:54:4a:34:a4:71:8c:c1:d1:af:58.
Please contact your system administrator.
Add correct host key in /home/username/.ssh/known_hosts
Offending key is entry 13 in /home/username/.ssh/known_hosts
RSA host key for sonic has changed and you have requested strict checking.
lost connection 


Once you have confirmed that this is not a man-in-the-middle attack, edit the known_hosts file named in the error message and remove the old key so that the new key can be added.


For vi users, where 13 is the line number of the offending key, enter the following (ddZZ deletes the line, saves the file, and exits the editor):

vi +13 /home/<username>/.ssh/known_hosts
ddZZ


With nano or pico use:

pico /home/<username>/.ssh/known_hosts


With vim use (for macOS):

vim /Users/<username>/.ssh/known_hosts


In nano or pico, if the offending key was for host "sonic", for example, press '^W' and search for sonic, then press '^K' to cut the line.

Exit and save.

Now, when you ssh to the host, you will have to confirm the addition of the new RSA key to the "known_hosts" file, and it will then allow you to connect.
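
A scripted equivalent of the editor steps above, as an added example that is not part of the original article: it reads the entry number from the warning text and deletes that line only if it really names the expected host, keeping a backup. The function names offending_entry and remove_host_key and the sample known_hosts data are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the article). Names and sample data are assumptions.

# offending_entry: read the ssh warning on stdin, print "<line> <file>" from
# the "Offending key is entry N in FILE" line (wording as shown on this page).
offending_entry() {
    sed -n 's/^Offending key is entry \([0-9][0-9]*\) in \(.*\)$/\1 \2/p' | head -n 1
}

# remove_host_key FILE LINE HOST: delete LINE from FILE only when its host
# field names HOST; keeps FILE.bak. Returns 1 on mismatch, 3 on hashed entry.
remove_host_key() {
    file=$1 line=$2 host=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case $line in
        ''|*[!0-9]*) echo "bad line number: $line" >&2; return 2 ;;
    esac
    entry=$(sed -n "${line}p" "$file")
    hosts=${entry%% *}   # first field: comma-separated names and addresses
    case $hosts in
        '|1|'*)  # HashKnownHosts entry: the name cannot be read from the file
            echo "hashed entry; use: ssh-keygen -R $host -f $file" >&2
            return 3 ;;
    esac
    case ",$hosts," in
        *",$host,"*) ;;
        *) echo "line $line is not for $host; nothing removed" >&2; return 1 ;;
    esac
    cp -p "$file" "$file.bak" || return 2
    sed "${line}d" "$file.bak" > "$file"
}

# Demo on a constructed known_hosts file (key material is placeholder text).
demo=$(mktemp)
printf '%s\n' 'alpha ssh-rsa AAAAexample1' \
              'sonic,192.0.2.10 ssh-rsa AAAAexample2' > "$demo"
remove_host_key "$demo" 2 sonic && echo "removed; backup at $demo.bak"
rm -f "$demo" "$demo.bak"
```

The refusal on a mismatched line guards against deleting another host's key when known_hosts has changed since the warning was printed.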

If you need further assistance, please contact IGPP Net Ops.