On UNIX-like systems like Linux and Mac OS, the known_hosts file is located at ~/.ssh/known_hosts. You can remove entries from this file manually (with a text editor), but If you're using a system that bundles a command-line SSH client, it probably includes the ssh-keygen
utility. You can examine the host key you have stored for a server with the command "ssh-keygen -F <hostname> -l
":
Code Block | ||||
---|---|---|---|---|
| ||||
$ ssh-keygen -F gl.umbc.edu -l
# Host gl.umbc.edu found: line 187
gl.umbc.edu ECDSA SHA256:wSwjkRNKOUxWYi8XaCFSOyQwhnSctdagnVdlD9Y/5Lw |
If the host key fingerprint for a server has changed, and you've verified that the new fingerprint is authentic, you can remove old entries with the command "ssh-keygen -R <hostname>
":
Code Block | ||||
---|---|---|---|---|
| ||||
$ ssh gl.umbc.edu
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:wSwjkRNKOUxWYi8XaCFSOyQwhnSctdagnVdlD9Y/5Lw.
Please contact your system administrator.
Add correct host key in /Users/kherna1/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/kherna1/.ssh/known_hosts:186
ECDSA host key for gl.umbc.edu has changed and you have requested strict checking.
Host key verification failed.
$ ssh-keygen -R gl.umbc.edu
# Host gl.umbc.edu found: line 186
/Users/kherna1/.ssh/known_hosts updated.
Original contents retained as /Users/kherna1/.ssh/known_hosts.old |