ssh: remote host identification has changed...not really

Karl Auer kauer at biplane.com.au
Fri Feb 27 11:36:20 UTC 2015


On Fri, 2015-02-27 at 09:00 +0000, Thufir wrote:
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

If you know that the host is the correct one, you can follow the
instructions in the message to clear the error; your next login will
work:

   ssh-keygen -f "/home/thufir/.ssh/known_hosts" -R 192.168.1.2

But as you say, you will get the message every time the OS changes.

You could turn off strict checking in your ssh_config file
("StringHostKeyChecking no"). I think that would be a mistake.

You could turn off host checking altogether in your ssh_config file
("CheckHostIP no"). Again, not a great idea.

Or do either of the above two things JUST for connections to tleilax and
doge from within your network - use "-o CheckHostIP=no" or "-o
StrictHostKeyChecking=no" on the ssh command line when connecting to
those hosts. This would be made very simple if you used a script or
alias to run ssh.

While copying host keys is generally NOT a good idea, copying one OS'
host key into the other OS on the same system is a perfectly acceptable
thing. So decide on which host key you like best, and make it the host
key for both boot configurations on tleilax. If you also connect to doge
and doge sometimes changes OS too, do the same on doge. But don't put
the same key on both tleilax and doge.

> but it's almost certainly erroneous.

No, it's not erroneous, just undesirable in your particular
configuration. And there are at least six ways around it (seven if you
count "grit your teeth").

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Old fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882





More information about the ubuntu-users mailing list