"Add correct host key in known_hosts" / multiple ssh host keys per hostname?
Solution 1:
Get the RSA key of your server, where server_ip is your server's IP address, such as 192.168.2.1:
$ ssh-keyscan -t rsa server_ip
Sample response:
# server_ip SSH-2.0-OpenSSH_4.3
server_ip ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwH5EXZG...
On the client, copy the entire response line server_ip ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwH5EXZG..., and add this key to the bottom of your ~/.ssh/known_hosts file:
server_ip ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqx9m529... (the offending key, and/or the very bottom of the `known_hosts` file)
server_ip ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwH5EXZG... (line you're adding, copied and pasted from above)
Solution 2:
Remove the entry from known_hosts using:
ssh-keygen -R *ip_address_or_hostname*
This will remove the problematic IP or hostname from the known_hosts file. Then try to connect again.
From the man pages:
-R hostname
Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts (see the -H option above).
Solution 3:
A very simple way is:
cp ~/.ssh/known_hosts ~/.ssh/known_hosts.bak
Then edit known_hosts to clear the original key, then ssh to the host using:
ssh name@computer
It'll add the new key automatically; then compare the two files. A program such as meld is a nice way to compare the two files. Then merge the files to make known_hosts contain both keys.
My 'reason' for keeping two keys is that the destination system is multiboot; even though I dare say there's a way of synchronizing the keys across the installations, it seems more straightforward to allow multiple keys.
EDIT 2015/06
I should add, revisiting it now, that I notice an even simpler way [as long as the entry is identifiable, normally from the hostname / IP address quite aside from the error message referencing its specific location]:
- Edit known_hosts to add # at the start of the 'old' entry in known_hosts temporarily
- Connect [ssh to the host], agree to the prompt to add the new key 'automatically'
- Then re-edit known_hosts to remove the #
There's even the option HostKeyAlias as in
ssh -o HostKeyAlias=mynewaliasforthemachine name@computer
Then subsequently, after the ssh client adds the new key under the alias, you may either edit known_hosts to substitute the 'real' hostname/IP address for the alias or connect to that incarnation of that host with the alias option evermore.
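Solutions 1 and 3 both end with more than one key stored for the same host, and a line taken from ssh-keyscan arrives over an unauthenticated connection, so it is worth listing the fingerprints known_hosts currently accepts for a host and comparing them with the value the server's console shows for its host key via `ssh-keygen -lf`. The following is an added example, not part of any answer above. The key blobs are constructed, the function names are hypothetical, and wildcard or [host]:port patterns are not handled.

```python
import base64, hashlib, hmac, struct

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a comma-separated name list or a hashed |1|salt|hash field."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")

def keys_for_host(known_hosts_text, host):
    """Return (line_no, marker, key_type, fingerprint) for each active entry."""
    found = []
    for no, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank or commented-out entry, which ssh also ignores
        marker = fields.pop(0) if fields[0].startswith("@") else ""
        if len(fields) >= 3 and host_matches(fields[0], host):
            found.append((no, marker, fields[1], fingerprint(fields[2])))
    return found

def fake_key(seed):
    """Constructed ed25519-shaped blob for the demo; not a real host key."""
    name = b"ssh-ed25519"
    raw = (struct.pack(">I", len(name)) + name +
           struct.pack(">I", 32) + hashlib.sha256(seed).digest())
    return base64.b64encode(raw).decode()

def hashed_field(host, salt=b"constructed-salt-20b"):
    """Build a hashed host field like the ones `ssh-keygen -H` writes."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed known_hosts content: two active keys and one disabled key for one IP.
SAMPLE = "\n".join([
    "pi-dev,10.10.10.110 ssh-ed25519 " + fake_key(b"install-a"),
    "# 10.10.10.110 ssh-ed25519 " + fake_key(b"old"),
    hashed_field("10.10.10.110") + " ssh-ed25519 " + fake_key(b"install-b"),
    "other-host ssh-ed25519 " + fake_key(b"other"),
])

if __name__ == "__main__":
    for entry in keys_for_host(SAMPLE, "10.10.10.110"):
        print(*entry)
```

Any fingerprint in the output that does not match one read from a server installation's own console is a key the client should not be trusting for that host.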
Solution 4:
I have the same issue with a raspberry pi which I boot with several different systems (dev system for compiling arm binaries, project, xbmc, etc.) and have run into the same problem. They use DHCP on a local network and my router always reused the same IP since the MAC address was the same. I've solved it by using different domain names in my hosts file:
10.10.10.110 pi-dev
10.10.10.110 pi-xbmc
10.10.10.110 pi-etc
The known_hosts file saves fingerprints by host name so even though it is the same IP address, each unique host name gets a different entry.
I got sick of adding the names to hosts files every time I used a new system so I came up with an even lazier way by using leading zeros on ip addresses like:
$ ssh [email protected]
$ ssh [email protected]
$ ssh [email protected]
Each variation of the (uncanonicalized) ip address gets its own entry in known_hosts.
Solution 5:
If both your client and server have OpenSSH 6.8 or newer, you can use the UpdateHostKeys yes option in your ssh_config or ~/.ssh/config. For example:
Host *
    UpdateHostKeys yes
This makes SSH store all host keys that the server has to known_hosts, and when a server changes or removes one host key, the key is also changed or removed in your known_hosts.