Contact The CCI Helpdesk

Fix SSH host key error for Tux

Introduction

Mac Terminal or Putty or another SSH client or command-line SSH or SCP should be able to connect as normal to Tux. You will need to accept a new host key when connecting. 

If you have trouble accepting it or the RSA key, or get an error about a key or RSA key....

then try the following.

Windows

  1. In cmd.exe or Powershell, type in:
    cd C:\Users\username\.ssh
    Where username is your username on the computer you are using.
    You can also click folders in File Explorer to get to above.
  2. Open known_hosts file.
  3. Inside the known_hosts file, you need to remove all lines that say tux.cs.drexel.edu, tux, or tux with a number after it. It might be all on *one* line, separated by commas. You can just delete the entire line.
  4. Once you remove those and save the file, you will be able to connect and accept the new host keys.

Mac

  1. Go to /Users/username/.ssh where username is your account name on your Mac. To go to the .ssh folder, once you are in /Users/username/ press Command + Shift + '>/.' key which will show the hidden folders on your Mac
  2. Open the file 'known_hosts' in /Users/username/.ssh using textedit.
  3. Remove any lines that say tux.cs.drexel.edu, tux, or tux with a number after them. Make sure that you remove the full line.
  4. Save the file and try connecting again.
  5. Accept a new host key when it prompts after entering password and username.

Linux

  1. Run the command ssh-keygen -f "/path/to/.ssh/known_hosts" -R "tux.cs.drexel.edu"

    The path is often ~/.ssh/known_hosts, but may change depending on your system.
    You may also need to remove "tux" and "tuxN", where N is a number from 1-5, depending on which machines you've connected to before.

  2. Connect to Tux again.
  3. Accept the new Host Key.

ADVANCED TROUBLESHOOTING for 
"WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"

If you get the error below on how your connection is refused, and maybe that your host key SHA256 hash has changed....

OUTPUT of ERROR:

mjg88@tux1:~$ ssh mjg88@cci-x999.cci.drexel.edu

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the PR99999 key sent by the remote host is

SHA256:DiSiSn0tAr3@Lk3yf0oLYwUdw3Li$t@r3aLk3yHeR3c.

Please contact your system administrator.

Add correct host key in /home/mjg88/.ssh/known_hosts to get rid of this message.

Offending PR99999 key in /home/mjg88/.ssh/known_hosts:2

remove with:

ssh-keygen -f "/home/mjg88/.ssh/known_hosts" -R "cci-x999.cci.drexel.edu"

Host key for cci-x999.cci.drexel.edu has changed and you have requested strict checking.

Host key verification failed.

Then... To fix this... Remove the record using the command below:

Replace mjg88 with YOUR userid.

Replace cci-X99.cci.drexel.edu with tux.cs.drexel.edu or the proper host name.

ssh-keygen -f "/home/mjg88/.ssh/known_hosts" -R "cci-x999.cci.drexel.edu"

Example of commands and OUTPUT from running above.

Again, replace userid & host name.

mjg88@tux1:~$ ssh-keygen -f "/home/mjg88/.ssh/known_hosts" -R "cci-x999.cci.drexel.edu"

# Host cci-x999.cci.drexel.edu found: line 2

/home/mjg88/.ssh/known_hosts updated.

Original contents retained as /home/mjg88/.ssh/known_hosts.old

mjg88@tux1:~$ ssh mjg88@cci-x999.cci.drexel.edu

The authenticity of host 'cci-x999.cci.drexel.edu (10.0.0.1)' can't be established.

PR99999 key fingerprint is SHA256:DiSiSn0tAr3@Lk3yf0oLYwUdw3Li$t@r3aLk3yHeR3c.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added 'cci-x999.cci.drexel.edu' (PR99999) to the list of known hosts.

mjg88@cci-x999.cci.drexel.edu's password:

Then you enter your password.

NOW... if you do the commands below and get the output BELOW...

Especially if your website or web service is not working...

Email ihelp@drexel.edu

mjg88@tux4:~$ ssh-keygen -f "/home/mjg88/.ssh/known_hosts" -R "cci-x999.cci.drexel.edu"

# Host cci-x999.cci.drexel.edu found: line 1

# Host cci-x999.cci.drexel.edu found: line 2

# Host cci-x999.cci.drexel.edu found: line 3

/home/mjg88/.ssh/known_hosts updated.

Original contents retained as /home/mjg88/.ssh/known_hosts.old

mjg88@tux4:~$ ssh mjg88@cci-x999.cci.drexel.edu

The authenticity of host 'cci-x999.cci.drexel.edu (10.0.0.1)' can't be established.

PR99999 key fingerprint is SHA256:DiSiSn0tAr3@Lk3yf0oLYwUdw3Li$t@r3aLk3yHeR3c.

This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added 'cci-x999.cci.drexel.edu' (PR99999) to the list of known hosts.


mjg88@cci-x999.cci.drexel.edu's password: <correct pwd entered>

Permission denied, please try again.

Again, if you do the commands ABOVE and get the output ABOVE...

Especially if your website or web service is not working...

Email ihelp@drexel.edu

CCI Support Site