"offending key" warning when connecting by ssh to my VPS

When I execute:

ssh root@myVPS

I'm getting the following warning:

Warning: the RSA host key for 'myVPS' differs from the key for the IP address 'xxx.xx.xxx.xx'
Offending key for IP in /home/manolo/.ssh/known_hosts:1
Matching host key in /home/manolo/.ssh/known_hosts:2
Are you sure you want to continue connecting (yes/no)?

and if I type "yes" it works fine, but I don't know why this warning is thrown. Any suggestions as to why it is thrown and how to avoid it?


Solution 1:

Most likely, you'll have reinstalled your VPS at some point and kept the host name and/or IP address. When reinstalling, the host key of the VPS got regenerated and since it differs from the one in your ~/.ssh/known_hosts, the warning gets displayed so you can detect the problem. This is done to prevent you from connecting to an entirely different system that replaces the legitimate host, e.g. to collect passwords.

If something like that happened, just remove the offending key from your known_hosts file and everything is fine, but if you are not aware of such a reinstall, you have to investigate further to understand why the key differs.

Solution 2:

I had the same problem and it is very easy to resolve. Please open your known_hosts file with vi .ssh/known_hosts and search for your server name. If you find the host key is there without the IP address, then add your IP to that file and it will resolve your issue. Before:

myVPS ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsIfCSqA2rSlTvH8AMrMjpD66y5dOsYOPp30AXYGAEAFkVBs1+51lbRNyiFenpbxOyQjyvpgVJdkC4kqgG66xE6IPBrqpUFL3KjbUCTZ8sNHWn+I89bAMWDzGEiqaad/powDxgZgFe74bV82Se1igbFmHlHwwb7DEAcjXh34XbcMgJ0vIExJqPV1zccKkCXhstQy7av0+I7GRz5wIbYiIFMungKIhX3upwQOzyW/E1RDmq89BRv1g2ch1xsKK5OpNjCCFP2OSYPybJmFXhjOWI7LUdFASmaw5Z1az9LLpLKQePQ4mWsL/ON8Z9uvzhQig3hdQ/cnrAsRLShn4rJratw==

After adding the IP:

myVPS,198.51.100.42 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsIfCSqA2rSlTvH8AMrMjpD66y5dOsYOPp30AXYGAEAFkVBs1+51lbRNyiFenpbxOyQjyvpgVJdkC4kqgG66xE6IPBrqpUFL3KjbUCTZ8sNHWn+I89bAMWDzGEiqaad/powDxgZgFe74bV82Se1igbFmHlHwwb7DEAcjXh34XbcMgJ0vIExJqPV1zccKkCXhstQy7av0+I7GRz5wIbYiIFMungKIhX3upwQOzyW/E1RDmq89BRv1g2ch1xsKK5OpNjCCFP2OSYPybJmFXhjOWI7LUdFASmaw5Z1az9LLpLKQePQ4mWsL/ON8Z9uvzhQig3hdQ/cnrAsRLShn4rJratw==

Solution 3:

You have to clear both the hostname and the IP address from your known_hosts file. You can do it like this:

ssh-keygen -f ~/.ssh/known_hosts -R [somehostname.net]
ssh-keygen -f ~/.ssh/known_hosts -R [123.123.123.123]

Just replace somehostname.net with the hostname or domain name of the host you want to clear, and replace the IP address with the host's IP address (leave the square brackets in). If it worked you will see a message like this:

/home/yourname/.ssh/known_hosts updated.
Original contents retained as /home/yourname/.ssh/known_hosts.old

If it didn't work, try the same thing but without the square brackets. Also double-check that the hostname and IP address are correct:

ssh-keygen -f ~/.ssh/known_hosts -R somehostname.net
ssh-keygen -f ~/.ssh/known_hosts -R 123.123.123.123

If the host's SSH is on a different port, say 2222 instead of 22, then simply add the port like so:

ssh-keygen -f ~/.ssh/known_hosts -R [somehostname.net]:2222
ssh-keygen -f ~/.ssh/known_hosts -R [123.123.123.123]:2222
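To see which known_hosts lines the warning in the question refers to before removing anything, the following added example (not part of the original answers) parses known_hosts text, including hashed `|1|` entries, and reports IP entries whose key differs from the hostname's. The function names and the sample data are assumptions made for illustration; the key blobs are constructed placeholders, not real host keys.

```python
import base64
import hashlib
import hmac

def entry_matches(host_field, name):
    """True if a known_hosts host field (plain list or |1| hashed) names `name`.
    Wildcard and negated (!) patterns are not handled here."""
    if host_field.startswith("|1|"):
        parts = host_field.split("|")  # ['', '1', salt, hash]
        if len(parts) != 4:
            return False
        # Hashed entries store HMAC-SHA1(key=salt, msg=hostname), base64-encoded.
        mac = hmac.new(base64.b64decode(parts[2]), name.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(parts[3]))
    return name in host_field.split(",")

def fingerprint(key_b64):
    """SHA256 fingerprint in the style printed by ssh-keygen -l."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_entries(text, name, keytype="ssh-rsa"):
    """Return [(line_number, fingerprint)] of keytype entries that name `name`."""
    found = []
    for number, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if fields[1] == keytype and entry_matches(fields[0], name):
            found.append((number, fingerprint(fields[2])))
    return found

def ip_lines_differing(text, host, ip, keytype="ssh-rsa"):
    """Line numbers of IP entries whose key is not among the hostname's keys."""
    host_fps = {fp for _, fp in find_entries(text, host, keytype)}
    if not host_fps:  # nothing recorded for the hostname, nothing to compare
        return []
    return [n for n, fp in find_entries(text, ip, keytype) if fp not in host_fps]

# Constructed sample mirroring the question: line 1 is the IP, line 2 the hostname.
OLD_KEY = base64.b64encode(b"constructed-old-host-key").decode()
NEW_KEY = base64.b64encode(b"constructed-new-host-key").decode()
SAMPLE = f"198.51.100.42 ssh-rsa {OLD_KEY}\nmyVPS ssh-rsa {NEW_KEY}\n"

if __name__ == "__main__":
    print("hostname entries:", find_entries(SAMPLE, "myVPS"))
    print("IP entries:      ", find_entries(SAMPLE, "198.51.100.42"))
    print("IP lines with a different key:",
          ip_lines_differing(SAMPLE, "myVPS", "198.51.100.42"))
```

The script only shows that two stored keys disagree; which one the server really presents still has to be checked against a fingerprint obtained from the server itself.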