How to Fix an Offending SSH key

Reading Time: 1 minute

If you are trying to ssh onto a router, switch or server and you get the error message below:

[[email protected] ~]$ ssh [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
8e:55:56:16:d3:3d:22:8c:8f:db:57:2b:a3:af:85:69.
Please contact your system administrator.
Add correct host key in /home/marquk01/.ssh/known_hosts to get rid of this message.
Offending key in /home/marquk01/.ssh/known_hosts:25
RSA host key for 10.1.0.200 has changed and you have requested strict checking.
Host key verification failed.

You will be able to fix this, by running the perl script below (found on The Geek Stuff).

Note: You will need to the number according to number found on “Offending key” line

[[email protected] ~]$ perl -pi -e 's/\Q$_// if ($. == 25);' ~/.ssh/known_hosts

Once you hit enter, you will be able to ssh without an issue:

[[email protected] ~]$ ssh [email protected]
The authenticity of host '10.1.0.200 (10.1.0.200)' can't be established.
RSA key fingerprint is 8e:55:56:16:d3:3d:22:8c:8f:db:57:2b:a3:af:85:69.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.1.0.200' (RSA) to the list of known hosts.
[email protected]'s password:

For more details please visit The Geek Stuff

It’s a great website, full of little nuggets 🙂

The following two tabs change content below.

Keeran Marquis

Network Engineer
Keeran Marquis is a Network Engineer. His main goal is to learn everything within the Networking field, pick up a little bit of scripting, be a poor man sysadmin and share whatever he knows! All Posts are his own views, opinions and experiences, no guarantees they will work for you but point you in the right direction 🙂
Share this:
Share

2 thoughts on “How to Fix an Offending SSH key”

  1. Jeffrey Edelsten

    you can also do this really easily in bash using sed:

    sed -i ’25d’ ~/.ssh/known_hosts

    this will delete the 25th line from your known_hosts file. (sed ftw!)

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.