Known Hosts headache

I have a various number of devices in my lab. I constantly deploy them, rework them, and lab new things. Once up and operating I generally move off a console connection and move to SSH. Well sometimes there poses a problem in SSH known hosts. The function of a known host lists is to help ensure detect a man in the middle attack. If a FTP server goes offline and someone has surreptitiously replaced it with someone more malicious, this function help detects  it.

Something like below might appear.

manetheren:/ pandom_$ ssh [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
99:c8:15:52:62:c3:73:39:a8:d5:5f:2d:31:d2:fb:90.
Please contact your system administrator.
Add correct host key in /Users/pandom_/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/pandom_/.ssh/known_hosts:2
RSA host key for 192.168.1.200 has changed and you have requested strict checking.
Host key verification failed.

So as you can see it denies my request for SSH into my SRX. Rather painful. Well with the constant moving and changing in the lab, here is how I rectify my issue.

manetheren:/ pandom_$ ssh-keygen -R 192.168.1.200
/Users/pandom_/.ssh/known_hosts updated.
Original contents retained as /Users/pandom_/.ssh/known_hosts.old

What the command above does is invokes the ssh-keygen program whilst the -R argument will remove all keys associated to the host 192.168.1.200. Now I will attempt to access my SRX again.

manetheren:/ pandom_$ ssh [email protected]
[email protected]'s password: 

--- JUNOS 12.1R3.5 built 2012-08-09 07:05:23 UTC
[email protected]%

There we go. Access restored. Something handy that I hope you will find useful.

Leave a Reply

Your email address will not be published. Required fields are marked *

*