On UNIX-like systems like Linux and Mac OS, the known_hosts file is located at ~/.ssh/known_hosts. You can remove entries from this file manually (with a text editor), but If you're using a system that bundles a command-line SSH client, it probably includes the ssh-keygen
utility. You can examine the host key you have stored for a server with the command "ssh-keygen -F <hostname> -l
":
Code Block | ||||
---|---|---|---|---|
| ||||
$ ssh-keygen -F gl.umbc.edu -l # Host gl.umbc.edu found: line 187 gl.umbc.edu ECDSA SHA256:wSwjkRNKOUxWYi8XaCFSOyQwhnSctdagnVdlD9Y/5Lw |
If the host key fingerprint for a server has changed, and you've verified that the new fingerprint is authentic, you can remove old entries with the command "ssh-keygen -R <hostname>
":
Code Block | ||||
---|---|---|---|---|
| ||||
$ ssh gl.umbc.edu @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:wSwjkRNKOUxWYi8XaCFSOyQwhnSctdagnVdlD9Y/5Lw. Please contact your system administrator. Add correct host key in /Users/kherna1/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /Users/kherna1/.ssh/known_hosts:186 ECDSA host key for gl.umbc.edu has changed and you have requested strict checking. Host key verification failed. $ ssh-keygen -R gl.umbc.edu # Host gl.umbc.edu found: line 186 /Users/kherna1/.ssh/known_hosts updated. Original contents retained as /Users/kherna1/.ssh/known_hosts.old |