SSH "Host key verification failed"
I am supposed to put up a file on a server from my own computer with ssh
as a school assignment.
It has been a slow process but now I'm stuck. I have googled but not found anything that has helped. As I am a total beginner at this it is probably some stupid fault of mine, so please help me out (easy instructions, expect me to do it wrong ;) ) . Below is the terminal text from where I am stuck, I have tried both logged in on my computer and logged in on the server.
logged in on the server:
teddy@rymd-srv:~$ ssh-keygen -R [email protected]
/home/teddy/.ssh/known_hosts updated.
Original contents retained as /home/teddy/.ssh/known_hosts.old
teddy@rymd-srv:~$ scp -r [email protected]:/home/teddy/Pictures/filetransfer.jpeg
[email protected]:/home/teddy
[email protected]'s password:
Host key verification failed.
lost connection
logged in on my own computer:
teddy@TeddysDator:~$ ssh-keygen -R [email protected]
/home/teddy/.ssh/known_hosts updated.
Original contents retained as /home/teddy/.ssh/known_hosts.old
teddy@TeddysDator:~$ scp -r [email protected]:/home/teddy/Pictures/filetransfer.jpeg
[email protected]:/home/teddy
The authenticity of host '85.226.40.57 (85.226.40.57)' can't be established.
ECDSA key fingerprint is ef:9c:4c:41:3c:9d:b1:40:05:67:30:34:e8:d3:ab:c6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '85.226.40.57' (ECDSA) to the list of known hosts.
[email protected]'s password:
Host key verification failed.
lost connection
This is likely a problem with how older versions of SSH handle host verification when ECDSA is used by default.
If you trust that the server and network have not been compromised, just add the host's RSA key to your known_hosts file:
ssh-keyscan ssh-server.example.com | tee -a ~/.ssh/known_hosts
This usually indicates that the host's key in your known_hosts file and that handed to you by the server don't match.
This can mean two things: that the server's key did indeed change (if they reinstalled it, for instance), or that there is indeed a "person in the middle" attack going on.
The best way to make sure is to contact the server's administrator and tell them about the error message, asking them if they know about this change of key. If they know nothing, you may want to be cautious about connecting to the server.
Usually what you do here is:
ssh-keygen -R server.name
to remove the old entry. I notice you're already doing this, so I'm not too sure what's happening here. However the fact that you're doing this suggests that you've been told to do it, which may also indicate that the server's key does indeed change on a periodic basis.
One thing to try is disable host key checking altogether (not recommended, but if you're doing the connection from the server to itself I guess it should be relatively safe):
ssh -o 'StrictHostKeyChecking=no' ssh-server.example.com
Note, if this works, please DON'T make this the default, as it is quite unsafe; instead, let the server's administrator know about this, because this could be a problem with the server and its key information.
Read here for some good information on ssh host key checking:
http://www.symantec.com/connect/articles/ssh-host-key-protection