Tag Archives: RHEL Linux operation and maintenance

[Solved] SSH connect Error: “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED“

1. Problem description

When testing the connectivity of the host with the Ping module of ansible, the host 192.168.18.80 is pinged for the first time, but there is something wrong with the host. Take it offline, replace it with a new one, and then Ping 192.168.18.80 again. The following error message appears:

[root@server ~]# ansible all -m ping
192.168.18.80 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ECDSA key sent by the remote host is\nSHA256:zbEO7l6AqnhvNiZvVoy5KcYGHrn10CJw0ul169LeyHU.\r\nPlease contact your system administrator.\r\nAdd correct host key in /root/.ssh/known_hosts to get rid of this message.\r\nOffending ECDSA key in /root/.ssh/known_hosts:2\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.\r\[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}

When SSH is used for remote connection, the following error occurs

[root@server ~]# ssh 192.168.18.80
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:zbEO7l6AqnhvNiZvVoy5KcYGHrn10CJw0ul169LeyHU.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:2
ECDSA host key for 192.168.18.80 has changed and you have requested strict checking.
Host key verification failed.

 

2. Cause of problem

The identity of the SSH Remote Connection host is defaultly saved in ~/.ssh/known_hosts, each time you visit, you will check whether the host ID is the same. If not, you will be prompted with an error or warning to prevent man in the middle attacks.

 

3. Solution

Delete the information of the corresponding IP line in ~/.ssh/known_hosts, as shown in the following figure

[root@server ~]# vim  ~/.ssh/known_hosts
192.168.18.99 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGEsej5rHzUx+GX65oiHKfOqDqFP2OdNhb0i80Hns0b2TObWTQMvscKjaryuh2oZbq+Esekhn98HXDNc30aEjzA=
192.168.18.199 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHhaJ4VDE3HxK1AcsHNac4MTjv4IUauTLazQDwgh6lhCIt0qN5Zjj0+rh+isAZYOXdBp4S8K5p/YkTXalmU0CHQ=
192.168.18.80 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHKpwuBsqrI1ogpSvLkJKJpKcXIO49sJJH3gJmykHWOp3cqfekCpXIppiEzhKslxgFEmd971DILXrpPguDEQ3UE=