Loonhaunt
Posts: 55
Joined: Sat Nov 16, 2013 5:13 am

ssh RSA Id changed

Sat Mar 01, 2014 11:40 pm

Hello,

I have not been working with my Pi very much over the last several weeks. I have several of them, and I just switched Pi's.
and am attempting to log in via ssh. I am using the correct ip address, but I get this message:
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
d3:8a:ee:a2:9a:a8:5f:07:2a:9d:ae:fb:da:0c:34:d9.
Please contact your system administrator.
Add correct host key in /Users/davebrown/.ssh/known_hosts to get rid of this message.
Offending key in /Users/davebrown/.ssh/known_hosts:1
RSA host key for 192.168.0.18 has changed and you have requested strict checking.
Host key verification failed.

I am using a mac and I do not remember how to enter the host key for this Pi.??

Any helpers??

I appreciate it thank you,

Dave

User avatar
DougieLawson
Posts: 36312
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: ssh RSA Id changed

Sat Mar 01, 2014 11:48 pm

It's a pretty dumb message due to sshd being restarted on your RPi.
Add correct host key in /Users/davebrown/.ssh/known_hosts to get rid of this message.
Offending key in /Users/davebrown/.ssh/known_hosts:1
Easiest fix is delete that known_hosts file (assuming you are 100% sure that you're connecting to the correct remote machine.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

Loonhaunt
Posts: 55
Joined: Sat Nov 16, 2013 5:13 am

Re: ssh RSA Id changed

Sun Mar 02, 2014 12:37 am

I did some searching for "/Users/davebrown/.ssh/known_hosts:1" and have not found such a place. I am reluctant to wack anything to useful at the moment because the Pi that I am attempting to connect to at the moment is not my primary unit.
This has to be some Mac quirk that I have not been aware of, no?

Thanks for your help?

db

I use to program via a Zilog processor in an Osborne Suit Case Computer.

User avatar
DougieLawson
Posts: 36312
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: ssh RSA Id changed

Sun Mar 02, 2014 12:45 am

The filename doesn't include the :1. That's just telling you that the offending record is the first in the file.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

User avatar
jojopi
Posts: 3085
Joined: Tue Oct 11, 2011 8:38 pm

Re: ssh RSA Id changed

Sun Mar 02, 2014 12:53 am

DougieLawson wrote:It's a pretty dumb message due to sshd being restarted on your RPi.
It is not a dumb message, it is essential to the security of the protocol. If ssh did not check host keys you would have no idea whether your communications were being intercepted.

And it cannot happen because sshd has restarted. It can only happen if you boot a different operating system on a existing machine, or if a new machine takes the IP address of an old machine.

The correct way to forget the host key for a single host or IP is:

Code: Select all

ssh-keygen -R 192.168.0.18
If you have multiple Pies, it would be better to arrange for them to have unique and stable IP addresses. Alternatively, or if you also switch SD cards between Pies, you can configure ssh to recognize them as different hosts by adding to ~/.ssh/config something like:

Code: Select all

host pi raspbian
  hostname <ipaddress>
  hostkeyalias pi-raspbian
  user pi

host openelec
  hostname <ipaddress>
  hostkeyalias pi-openelec
  user root
Here "host" are the things you can use in the ssh command, "hostname" are the addresses actually connected to, and "hostkeyalias" are what the host keys are stored as and expected to match. Multiple hostnames could be the same, either because the IPs are shared, or because the OSs are booted on the same Pi.

Loonhaunt
Posts: 55
Joined: Sat Nov 16, 2013 5:13 am

Re: ssh RSA Id changed

Sun Mar 02, 2014 1:01 am

jojopi wrote:
DougieLawson wrote:It's a pretty dumb message due to sshd being restarted on your RPi.
It is not a dumb message, it is essential to the security of the protocol. If ssh did not check host keys you would have no idea whether your communications were being intercepted.

And it cannot happen because sshd has restarted. It can only happen if you boot a different operating system on a existing machine, or if a new machine takes the IP address of an old machine.

The correct way to forget the host key for a single host or IP is:

Code: Select all

ssh-keygen -R 192.168.0.18
If you have multiple Pies, it would be better to arrange for them to have unique and stable IP addresses. Alternatively, or if you also switch SD cards between Pies, you can configure ssh to recognize them as different hosts by adding to ~/.ssh/config something like:

Code: Select all

host pi raspbian
  hostname <ipaddress>
  hostkeyalias pi-raspbian
  user pi

host openelec
  hostname <ipaddress>
  hostkeyalias pi-openelec
  user root
Here "host" are the things you can use in the ssh command, "hostname" are the addresses actually connected to, and "hostkeyalias" are what the host keys are stored as and expected to match. Multiple hostnames could be the same, either because the IPs are shared, or because the OSs are booted on the same Pi.
Hey thanks, all.

I am setting up some xbee networks and it is really painful when I switch back and forth from C to Python and Pi to Arduino then back again.
I am getting old I guess

User avatar
DougieLawson
Posts: 36312
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: ssh RSA Id changed

Sun Mar 02, 2014 12:27 pm

jojopi wrote:
DougieLawson wrote:It's a pretty dumb message due to sshd being restarted on your RPi.
It is not a dumb message, it is essential to the security of the protocol. If ssh did not check host keys you would have no idea whether your communications were being intercepted.
It's a dumb message on my local LAN subnet, which I control and where I know who's connected.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

User avatar
jojopi
Posts: 3085
Joined: Tue Oct 11, 2011 8:38 pm

Re: ssh RSA Id changed

Sun Mar 02, 2014 4:47 pm

DougieLawson wrote:It's a dumb message on my local LAN subnet, which I control and where I know who's connected.
If you trust your LAN so completely you can use rsh. It is faster and you do not need to worry about authentication in either direction.

Personally I do not trust my LAN any more than I need to. It has consumer devices on it that may have back doors, including the router. It is potentially vulnerable to attacks such as ARP poisoning that could not work in a internetwork or across VLANs.

But mostly I do not see how the message is dumb. It tells you to contact your system administrator, which is you, to ask yourself why the host key has changed. That is something you should be able to explain. Otherwise you should pause, just as you would if a "secure" shopping site presented an invalid certificate.

Return to “Troubleshooting”