"offending key" warning when connecting by ssh to my VPS
When I execute:
ssh root@myVPS
I'm getting the next warning:
Warning: the RSA host key for 'myVPS' differs from the key for the IP address 'xxx.xx.xxx.xx'
Offending key for IP in /home/manolo/.ssh/known_hosts:1
Matching host key in /home/manolo/.ssh/known_hosts:2
Are you sure you want to continue connecting (yes/no)?
and if I type "yes" I works fine, but I don't know why this warning is thrown. Any suggestion of why is it thrown and how to avoid it?
Solution 1:
Most likely, you'll have reinstalled your VPS at some point and kept the host name and/or IP address. When reinstalling, the host key of the VPS got regenerated and since it differs from the one in your ~/.ssh/known_hosts
, the warning gets displayed so you can detect the problem. This is done to prevent you from connecting to an entirely different system that replaces the legitimate host, e.g. to collect passwords.
If something like that happened, just remove the offending key from your known_hosts
file and everything is fine, but if you are not aware of such an rinstall, you have to investigate further do understand why the key differs.
Solution 2:
I had same problem and it is very to resolve, please open your known_hosts file from vi .ssh/known_hosts
and search for your server name. If you find host key is there without IP address then add your IP to that file and it will resolve your issue.
Before:
myVPS ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsIfCSqA2rSlTvH8AMrMjpD66y5dOsYOPp30AXYGAEAFkVBs1+51lbRNyiFenpbxOyQjyvpgVJdkC4kqgG66xE6IPBrqpUFL3KjbUCTZ8sNHWn+I89bAMWDzGEiqaad/powDxgZgFe74bV82Se1igbFmHlHwwb7DEAcjXh34XbcMgJ0vIExJqPV1zccKkCXhstQy7av0+I7GRz5wIbYiIFMungKIhX3upwQOzyW/E1RDmq89BRv1g2ch1xsKK5OpNjCCFP2OSYPybJmFXhjOWI7LUdFASmaw5Z1az9LLpLKQePQ4mWsL/ON8Z9uvzhQig3hdQ/cnrAsRLShn4rJratw==
after adding IP:
myVPS,198.51.100.42 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsIfCSqA2rSlTvH8AMrMjpD66y5dOsYOPp30AXYGAEAFkVBs1+51lbRNyiFenpbxOyQjyvpgVJdkC4kqgG66xE6IPBrqpUFL3KjbUCTZ8sNHWn+I89bAMWDzGEiqaad/powDxgZgFe74bV82Se1igbFmHlHwwb7DEAcjXh34XbcMgJ0vIExJqPV1zccKkCXhstQy7av0+I7GRz5wIbYiIFMungKIhX3upwQOzyW/E1RDmq89BRv1g2ch1xsKK5OpNjCCFP2OSYPybJmFXhjOWI7LUdFASmaw5Z1az9LLpLKQePQ4mWsL/ON8Z9uvzhQig3hdQ/cnrAsRLShn4rJratw==
Solution 3:
You have to clear both the hostname and the ip address from your known_hosts file, you can do it like this:
ssh-keygen -f ~/.ssh/known_hosts -R [somehostname.net]
ssh-keygen -f ~/.ssh/known_hosts -R [123.123.123.123]
Just replace somehostname.net
with the hostname or domain name of the host you want to clear, and replace the ip address with the hosts ip address (leave the square brackets in). If it worked you will see a message like this:
/home/yourname/.ssh/known_hosts updated.
Original contents retained as /home/yourname/.ssh/known_hosts.old
If it didn't work, try the same thing but without the square brackets, also double check that the hostname and ip address is correct:
ssh-keygen -f ~/.ssh/known_hosts -R somehostname.net
ssh-keygen -f ~/.ssh/known_hosts -R 123.123.123.123
If the host's SSH port is on a different port, say 2222 instead of 22 then simply add the port like so:
ssh-keygen -f ~/.ssh/known_hosts -R [somehostname.net]:2222
ssh-keygen -f ~/.ssh/known_hosts -R [123.123.123.123]:2222