Fix SSH host key error for Tux
Introduction
Mac Terminal, PuTTY, command-line SSH or SCP, or another SSH client should be able to connect to Tux as normal. You will need to accept a new host key when connecting.
If you have trouble accepting the new host key (or RSA key), or get an error about a host key or RSA key, try the following.
Windows
- In cmd.exe or PowerShell, type in:
cd C:\Users\username\.ssh
Where username is your username on the computer you are using.
You can also click through the folders in File Explorer to get to the folder above.
- Open the known_hosts file.
- Inside the known_hosts file, you need to remove all lines that say tux.cs.drexel.edu, tux, or tux with a number after it. It might be all on *one* line, separated by commas. You can just delete the entire line.
- Once you remove those and save the file, you will be able to connect and accept the new host keys.
Mac
- Go to /Users/username/.ssh, where username is your account name on your Mac. To get to the .ssh folder, once you are in /Users/username/, press Command + Shift + the '>/.' key, which shows the hidden folders on your Mac.
- Open the file 'known_hosts' in /Users/username/.ssh using TextEdit.
- Remove any lines that say tux.cs.drexel.edu, tux, or tux with a number after them. Make sure that you remove the full line.
- Save the file and try connecting again.
- Accept a new host key when it prompts after entering password and username.
Linux
- Run the command ssh-keygen -f "/path/to/.ssh/known_hosts" -R "tux.cs.drexel.edu"
The path is often ~/.ssh/known_hosts, but may change depending on your system.
You may also need to remove "tux" and "tuxN", where N is a number from 1-5, depending on which machines you've connected to before.
- Connect to Tux again.
- Accept the new Host Key.
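
The known_hosts cleanup described in the Windows, Mac and Linux steps above, as an added shell example (not part of the original page): it lists which lines of a known_hosts file name a Tux host, including several names on one comma-separated line, counts hashed entries that cannot be spotted in a text editor, and removes the names with the page's ssh-keygen -R command after taking a backup. The function names, the .pre-tux-fix backup suffix, the match on tuxN.cs.drexel.edu and the sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Host names follow the page's text.

# Print "LINE HOST KEYTYPE" for each plain-text known_hosts entry naming a Tux host.
# Handles several names on one line (comma-separated) and the [host]:port form.
tux_entries() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            f = ($1 ~ /^@/) ? 2 : 1            # skip an @cert-authority/@revoked marker
            n = split($f, names, ",")
            for (i = 1; i <= n; i++) {
                h = names[i]
                sub(/^\[/, "", h); sub(/\]:[0-9]+$/, "", h)
                if (h ~ /^tux[0-9]*(\.cs\.drexel\.edu)?$/)
                    print NR, h, $(f + 1)
            }
        }' "$1"
}

# Count hashed entries ("|1|salt|hash"): unreadable in an editor, so the
# manual edit cannot find them, but ssh-keygen -R still removes them.
hashed_count() {
    grep -c '^|1|' "$1" || true
}

# Keep one backup of the original file, then remove every Tux name.
# (ssh-keygen rewrites FILE.old on each run, so it alone is not a full backup.)
purge_tux() {
    cp -p "$1" "$1.pre-tux-fix" || return 1
    for h in tux.cs.drexel.edu tux tux1 tux2 tux3 tux4 tux5; do
        ssh-keygen -f "$1" -R "$h" >/dev/null 2>&1 || true
    done
}

# Constructed sample file (key material is fake) to show what the audit reports.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed known_hosts sample
tux.cs.drexel.edu,tux,tux3 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED
example.org ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED
[tux2.cs.drexel.edu]:22 ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED
|1|Y29uc3RydWN0ZWQ=|Y29uc3RydWN0ZWQ= ssh-ed25519 AAAAC3CONSTRUCTED
EOF
tux_entries "$sample"
echo "hashed entries: $(hashed_count "$sample")"
```

To clean a real file, run purge_tux ~/.ssh/known_hosts after reviewing what tux_entries reports for it.
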
ADVANCED TROUBLESHOOTING for "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"
If you get the error below, saying that your connection was refused and possibly that the host key's SHA256 hash has changed:
OUTPUT of ERROR:
mjg88@tux1:~$ ssh mjg88@cci-x999.cci.drexel.edu
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the PR99999 key sent by the remote host is
SHA256:DiSiSn0tAr3@Lk3yf0oLYwUdw3Li$t@r3aLk3yHeR3c.
Please contact your system administrator.
Add correct host key in /home/mjg88/.ssh/known_hosts to get rid of this message.
Offending PR99999 key in /home/mjg88/.ssh/known_hosts:2
remove with:
ssh-keygen -f "/home/mjg88/.ssh/known_hosts" -R "cci-x999.cci.drexel.edu"
Host key for cci-x999.cci.drexel.edu has changed and you have requested strict checking.
Host key verification failed.
To fix this, remove the record using the command below.
Replace mjg88 with YOUR userid.
Replace cci-x999.cci.drexel.edu with tux.cs.drexel.edu or the proper host name.
ssh-keygen -f "/home/mjg88/.ssh/known_hosts" -R "cci-x999.cci.drexel.edu"
Example of the commands and the OUTPUT from running the above.
Again, replace the userid and host name.
mjg88@tux1:~$ ssh-keygen -f "/home/mjg88/.ssh/known_hosts" -R "cci-x999.cci.drexel.edu"
# Host cci-x999.cci.drexel.edu found: line 2
/home/mjg88/.ssh/known_hosts updated.
Original contents retained as /home/mjg88/.ssh/known_hosts.old
mjg88@tux1:~$ ssh mjg88@cci-x999.cci.drexel.edu
The authenticity of host 'cci-x999.cci.drexel.edu (10.0.0.1)' can't be established.
PR99999 key fingerprint is SHA256:DiSiSn0tAr3@Lk3yf0oLYwUdw3Li$t@r3aLk3yHeR3c.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'cci-x999.cci.drexel.edu' (PR99999) to the list of known hosts.
mjg88@cci-x999.cci.drexel.edu's password:
Then you enter your password.
NOW, if you run the commands below and get the output BELOW,
especially if your website or web service is not working,
email ihelp@drexel.edu
mjg88@tux4:~$ ssh-keygen -f "/home/mjg88/.ssh/known_hosts" -R "cci-x999.cci.drexel.edu"
# Host cci-x999.cci.drexel.edu found: line 1
# Host cci-x999.cci.drexel.edu found: line 2
# Host cci-x999.cci.drexel.edu found: line 3
/home/mjg88/.ssh/known_hosts updated.
Original contents retained as /home/mjg88/.ssh/known_hosts.old
mjg88@tux4:~$ ssh mjg88@cci-x999.cci.drexel.edu
The authenticity of host 'cci-x999.cci.drexel.edu (10.0.0.1)' can't be established.
PR99999 key fingerprint is SHA256:DiSiSn0tAr3@Lk3yf0oLYwUdw3Li$t@r3aLk3yHeR3c.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'cci-x999.cci.drexel.edu' (PR99999) to the list of known hosts.
mjg88@cci-x999.cci.drexel.edu's password: <correct pwd entered>
Permission denied, please try again.
Again, if you run the commands ABOVE and get the output ABOVE,
especially if your website or web service is not working,
email ihelp@drexel.edu