Ubuntu-ssh - - WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED [closed]

I'm unable to ssh and rysnc to a remote system. It keeps giving this error message:

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a3:8f:7c:07:c9:12:d8:aa:cd:c2:ba:b3:27:68:bc:c2.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /root/.ssh/known_hosts:8
RSA host key for xxx.xxx.xxx.xxx has changed and you have requested strict checking.
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(601) [sender=3.0.8]

I've removed authorized_keys file from /home/user/.ssh.


Solution 1:

use the following command which removes the old keys from .ssh/known_hosts file

ssh-keygen -R <host>

Solution 2:

The message says "/root/.ssh/known_hosts" not authorized_keys. Remove that file (or at least the corresponding key) from it and you can go again! But be aware that: There must be a reason why the key changed. Was the system reinstalled? Make sure you check that or the whole idea of ssh is void.

BTW.: Is there a reason you ssh as root?

Solution 3:

The message does explain itself:

  • The remote host identified itself with a key
  • Your previous copy of the key for that host is different
  • So there is a chance that the remote host is not who they say they are

If you trust the remote host, you can delete line 8 from your /root/.ssh/known_hosts and ssh will ask you if it can add the new key next time you try to connect

If you don't trust the remote host, you have to contact the host administrators to find out if and why they changed ssh keys. If they haven't it means your traffic is being intercepted

On the other hand, if you really really trust the remote host (eg it is on an intranet), you can run ssh with

-oBatchMode=yes -oStrictHostKeyChecking=no