Loading...

Resolve ssh host key violations

Having multiple virtual machines for testing and POC (proof of concepts) you install for the “remote” access an OpenSSH server. Everytime you log in into a new machine, you might run into this legit warning:

tan@omega:~$ ssh tan@localhost -p 222
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:MggEJZSCbAmRQXebLxzdtEt7qjJVdUcr+cv1CBl5OgY.
Please contact your system administrator.
Add correct host key in /home/tan/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/tan/.ssh/known_hosts:17
  remove with:
  ssh-keygen -f "/home/tan/.ssh/known_hosts" -R [localhost]:222
ECDSA host key for [localhost]:222 has changed and you have requested strict checking.
Host key verification failed.

Since there is already a host key for another virtual machine, you can disable the warning for localhost via config.

cat /home/tan/.ssh/config
Host localhost
    NoHostAuthenticationForLocalhost yes

Otherwise you might end up removing the host key on every occasion.

ssh