I have been using Oracle Virtualbox for years to deploy many virtual machines for testing and learning purposes. The other day I tried to connect to one of my remote server that runs with Arch Linux via SSH using command:
$ ssh sk@192.168.1.102
Here, sk is my remote Arch Linux server's username, and 192.168.1.102 is the Arch Linux IP address.
After running the above command, I got the following warning message:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:UX/eJ3HZT9q6lzAN8mxf+KKAo2wmCVWblzXwY8qxqZY. Please contact your system administrator. Add correct host key in /home/sk/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/sk/.ssh/known_hosts:4 ECDSA host key for 192.168.1.102 has changed and you have requested strict checking. Host key verification failed.
I can't SSH to the Arch Linux system. I tried to login with alternative username, but I got the same result as shown above.
This is actually not an error message. It is just a security notification that indicates the ECDSA host key for the given remote system has changed since you last connected. As you might already know, when we access a remote system for the first time from a local system via SSH, a fingerprint for the ECDSA key sent by that remote host is cached and stored in $HOME/.ssh/known_hosts file in our local system.
When the identity (fingerprint) has changed after you reinstalled the remote system or assigned a same IP address for multiple remote systems, the above warning message shows up.
Fix ECDSA host key Warning Error In Linux
To work around this issue, first we need to update the cached ECDSA host key of your remote system in your local system's known_hosts file. As you might know, usually, the host keys will be stored in the /home/yourusername/.ssh/known_hosts file.
To remove the cached key, use the following command:
$ ssh-keygen -R <remote-system-ip-address>
In our case, the remote system's IP is 192.168.1.102, so let us use the following command to remove the host key from the "known_hosts" file.
$ ssh-keygen -R 192.168.1.102
Sample output:
# Host 192.168.1.102 found: line 4 /home/sk/.ssh/known_hosts updated. Original contents retained as /home/sk/.ssh/known_hosts.old
Done!
Now, try again to ssh to the remote system with command:
$ ssh sk@192.168.1.102
Type 'Yes' and hit ENTER to update the host key of your remote system in your local system's known_hosts file.
The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established. ECDSA key fingerprint is SHA256:UX/eJ3HZT9q6lzAN8mxf+KKAo2wmCVWblzXwY8qxqZY. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.102' (ECDSA) to the list of known hosts. sk@192.168.1.102's password: Last login: Thu May 19 18:01:24 2016 [sk@server ~]$
That's it. Now, you will be able to ssh to your remote Arch Linux system without any problem. This method will work not only on Arch Linux, but also on other Linux distributions as well.
8 comments
Thank You!
after typing yes, I recieved this:
Warning: Permanently added ‘192.168.1.26’ (ECDSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).
I am not sure why received this error. This trick worked for me. Look at this thread. Someone has given the work around to fix this issue. http://stackoverflow.com/questions/1556056/permission-denied-publickey-keyboard-interactive
That’s not an error, just a warning saying that now the known_hosts file was updated with the new info for that host
Yeah, you’re right.
thanks , you solve my life .
how to avoid this warning to be printed?
That’s good it is working ,thanks a lot for your great effort