Known Hosts File in Ubuntu

Recent versions of Ubuntu and other Linux distributions have a 'scrambled' (hashed) known hosts file (~/.ssh/known_hosts). This makes it non-obvious how to work around the fatal warning (more like an error) that "Remote host identification has changed!" -- Here's why and how.

According to GaB's weblog,

Beginning with the release of [OpenSSH](http://www.openssh.org/) version 4.0, a new configuration directive was introduced: 'HashKnownHosts yes'. When you set this option in your ssh_config file, ssh will start recording a one-way cryptographic hash of the hostname and IP address rather than recording them in clear text. Later, when initiating subsequent ssh sessions, your ssh client will hash the hostname you type and look it up in the known_hosts file to find the previously-recorded ssh host key for the remote server. You will effectively still be able to automatically verify ssh host keys but attackers won't be able to harvest hostnames and IP addresses from the known_hosts file.

Today HashKnownHosts is usually set to yes by default. That implies that you can't edit or view your known_hosts key file. So if the public key of a known host changes (for example because it was reinstalled), you usually get an error message like the one below if you try to establish a connection to the host; SSH assumes a [man-in-the-middle attack](http://en.wikipedia.org/wiki/Man-in-the-middle_attack).

If this happens, you will see an error like:

```
$ ssh myserver
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
00:e0:f3:25:11:76:26:98:77:65:a0:19:73:52:95:e7.
Please contact your system administrator.
Add correct host key in /home/todd/.ssh/known_hosts to get rid of this message.
Offending key in /home/todd/.ssh/known_hosts:15
RSA host key for myserver has changed and you have requested strict checking.
Host key verification failed.
```

You can resolve this by deleting the offending entry from known_hosts:

```
$ ssh-keygen -R myserver
```

or by removing the specified line (15, in this case) from the known_hosts file.
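
To see how a hostname is matched against a hashed file, and so which line belongs to a given host, here is an added example (not from the original post or from OpenSSH). It uses the hashed-entry layout `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`; the function names, salts and key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac


def hash_host(hostname: str, salt: bytes) -> str:
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())


def host_matches(field: str, hostname: str) -> bool:
    """Check one host field (hashed, or plain comma-separated) against hostname."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, hash_b64 = field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            stored = base64.b64decode(hash_b64, validate=True)
        except ValueError:
            return False  # malformed entry: treat as no match
        computed = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(stored, computed)
    return hostname in field.split(",")  # unhashed entry, exact names only


def find_host_lines(known_hosts: str, hostname: str) -> list:
    """Return the 1-based line numbers whose host field matches hostname."""
    hits = []
    for number, line in enumerate(known_hosts.splitlines(), start=1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if parts[0].startswith("@") and len(parts) > 1:
            parts = parts[1:]  # skip an @revoked / @cert-authority marker
        if host_matches(parts[0], hostname):
            hits.append(number)
    return hits


# Constructed sample file: salts and key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed example",
    hash_host("otherhost", b"A" * 20) + " ssh-rsa AAAAB3PLACEHOLDER1",
    hash_host("myserver", b"B" * 20) + " ssh-rsa AAAAB3PLACEHOLDER2",
    "plainhost,192.0.2.10 ssh-rsa AAAAB3PLACEHOLDER3",
])

if __name__ == "__main__":
    print(find_host_lines(SAMPLE, "myserver"))
```

On a real system, `ssh-keygen -F myserver` performs the same lookup against ~/.ssh/known_hosts and prints the matching line number.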