View Single Post
Old 3rd February 2016
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,505
Default

Yesterday, when reading ssh-keygen(1) I noticed that this command has an option to remove a host from .ssh/known_hosts:

Code:
     -R hostname
             Removes all keys belonging to hostname from a known_hosts file.
             This option is useful to delete hashed hosts (see the -H option
             above).
When logging in to newly created OpenBSD vm I saw the familiar warning:

Code:
$ ssh kvm.utp.xnet
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for kvm.utp.xnet has changed,
and the key for the corresponding IP address 192.168.222.230
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
b1:5b:ee:26:25:e6:eb:a7:cd:26:8b:08:d4:53:ff:f5.
Please contact your system administrator.
Add correct host key in /home/adriaan/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/adriaan/.ssh/known_hosts:35
ECDSA host key for kvm.utp.xnet has changed and you have requested strict checking.
Host key verification failed.
Now removing that host entry with $ ssh-keygen:

Code:
$ ssh-keygen -R kvm.utp.xnet
# Host kvm.utp.xnet found: line 35 type ECDSA
/home/adriaan/.ssh/known_hosts updated.
Original contents retained as /home/adriaan/.ssh/known_hosts.old
And I could login without a problem ...
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote