ssh-keygen -R saying (wrongly) no matches found
I've come across the not-uncommon issue where ssh keys on a host have changed, so they don't match what's saved in my ~/.ssh/known_hosts
file. When I connect (in this case via an Ansible playbook), it freaks out with "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!", yada yada yada.
The usual fix for this is to run ssh-keygen -R <host-ip-or-name>
, which deletes the offending entry. In this case the host is an ip:port combo, so I tried to run it like this:
ssh-keygen -R [xxx.xxx.xx.xxx]:yyyyy
Instead of updating known_hosts
, I get a message returned that says:
zsh: no matches found: [xxx.xxx.xx.xxx]:yyyyy
I tried running it without the port, just in case (ssh-keygen -R xxx.xxx.xx.xxx
). That gives a "host not found" error.
What am I doing wrong?
The problem was actually the zsh shell. Given the [xxx.xxx.xx.xxx]:yyyyy
syntax, zsh was interpreting the []
s as a globbing pattern. That's why I was getting a "zsh: no matches found" error.
In the old Bash shell, this isn't a problem, and the command I gave runs perfectly.
The solution in zsh is to quote the whole hostname, like this:
ssh-keygen -R "[xxx.xxx.xx.xxx]:yyyyy"