"Add correct host key in known_hosts" / multiple ssh host keys per hostname?

  1. Get the RSA key of your server, where server_ip is your server's IP address, such as 192.168.2.1:

    $ ssh-keyscan -t rsa server_ip
    

    Sample response:

    # server_ip SSH-2.0-OpenSSH_4.3
    server_ip ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwH5EXZG...
    
  2. On the client, copy the entire response line `server_ip ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwH5EXZG...`, and add this key to the bottom of your `~/.ssh/known_hosts` file:

    server_ip ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqx9m529...(the offending key, and/or the very bottom of the `known_hosts` file)
    server_ip ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwH5EXZG... (line you're adding, copied and pasted from above)
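
The append step above, with the scanned key checked against a known fingerprint first, as an added example that is not part of the original answer. It assumes the expected fingerprint was read from a trusted channel such as the server console; the key blobs are constructed placeholders and the function names are hypothetical.

```python
import base64
import hashlib

HOST = "192.168.2.1"  # the page's example server_ip
# Constructed stand-ins for key blobs; real ones come from ssh-keyscan.
OLD_KEY = base64.b64encode(b"constructed old host key").decode()
NEW_KEY = base64.b64encode(b"constructed new host key").decode()


def fingerprint(key_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def keys_for(known_hosts, host):
    """(keytype, key) pairs of plain entries naming host.

    Hashed (|1|...) and wildcard entries are not matched; comment lines and
    @cert-authority/@revoked lines are skipped.
    """
    pairs = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host in fields[0].split(","):
            pairs.append((fields[1], fields[2]))
    return pairs


def add_verified_key(known_hosts, scan_line, expected_fp):
    """Append one ssh-keyscan line if its fingerprint equals expected_fp.

    expected_fp is assumed to come from a trusted channel, e.g. the server
    console. Keys already listed for the host are left in place.
    """
    host, keytype, key = scan_line.split()[:3]
    if fingerprint(key) != expected_fp:
        raise ValueError(f"fingerprint mismatch for {host}: {fingerprint(key)}")
    if (keytype, key) in keys_for(known_hosts, host):
        return known_hosts  # already trusted, nothing to add
    if known_hosts and not known_hosts.endswith("\n"):
        known_hosts += "\n"
    return known_hosts + f"{host} {keytype} {key}\n"


if __name__ == "__main__":
    current = f"{HOST} ssh-rsa {OLD_KEY}\n"
    scanned = f"{HOST} ssh-rsa {NEW_KEY}"
    print(add_verified_key(current, scanned, fingerprint(NEW_KEY)), end="")
```

The result holds two `ssh-rsa` lines for the same host, which is the multiple-keys-per-hostname layout the question asks about.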
    

Remove the entry from known_hosts using:

    ssh-keygen -R ip_address_or_hostname

This will remove the problematic IP or hostname from the known_hosts file; then try to connect again.

From the man pages:

-R hostname
Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts (see the -H option above).


A very simple way is:

    cp ~/.ssh/known_hosts ~/.ssh/known_hosts.bak

Then edit known_hosts to clear the original key, then ssh to the host using:

    ssh name@computer

It'll add the new key automatically; then compare the two files. A program such as meld is a nice way to compare the two files. Then merge the files to make known_hosts contain both keys.

My 'reason' for keeping two keys is that the destination system is multiboot; even though I dare say there's a way of synchronizing the keys across the installations, it seems more straightforward to allow multiple keys.

EDIT 2015/06

I should add, revisiting it now, that I notice an even simpler way [as long as the entry is identifiable, normally from the hostname / IP address quite aside from the error message referencing its specific location]:

  1. Edit known_hosts to add # at the start of the 'old' entry in known_hosts temporarily
  2. Connect [ssh to the host], agree to the prompt to add the new key 'automatically'
  3. Then re-edit known_hosts to remove the #

There's even the option HostKeyAlias, as in:

    ssh -o HostKeyAlias=mynewaliasforthemachine name@computer

Then subsequently, after the ssh client adds the new key under the alias, you may either edit known_hosts to substitute the 'real' hostname/IP address for the alias, or connect to that incarnation of that host with the alias option evermore.