How To fix offending key in ~/.ssh/known_hosts file on RSA Security Analytics appliances
Issue
When attempting to connect to an appliance via SSH, the message below is displayed.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a7:a8:f2:97:94:33:58:b7:9d:bc:e0:a6:6b:f7:0a:29.
Please contact your system administrator.
Add correct host key in /home/ramesh/.ssh/known_hosts to get rid of this message.
Offending key in /home/ramesh/.ssh/known_hosts: 6
Permission denied (publickey,password).
Cause
This can happen due to a key change, either because the OS or sshd was reinstalled, or because the IP address now points to a different appliance.
Workaround
To resolve the issue, remove the offending key. Use the following command to remove it, replacing 6 with the line number mentioned in the error above.
sed -i '6d' ~/.ssh/known_hosts
If the installed sed package on the appliance does not have the -i option, use the vi text editor to remove the offending key from the file.
Alternatively, the perl solution below can be used. Once again, the 6 will need to be replaced with the appropriate line number from the error.
perl -pi -e 's/\Q$_// if ($. == 6);' ~/.ssh/known_hosts
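The warning text also allows for a man-in-the-middle, so the following added example (not part of the original article) removes the offending line only when the fingerprint printed in the warning matches one read from the appliance itself. It assumes the warning was saved to a file and that the expected fingerprint was obtained out of band, for example at the appliance console; the function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.
# Usage: sh fix_known_hosts.sh WARNING_FILE EXPECTED_FINGERPRINT
#   WARNING_FILE         - the ssh warning text saved to a file (assumption)
#   EXPECTED_FINGERPRINT - host key fingerprint read from the appliance itself
#                          (assumption: obtained out of band, not over this SSH session)
remove_offending_key() {
    warning=$1
    expected=$2

    # The fingerprint is on the line after "...key sent by the remote host is"
    # and ends with a period, which is stripped here.
    presented=$(awk '/key sent by the remote host is/ {
        getline; sub(/\.$/, ""); print; exit }' "$warning")

    # "Offending key in PATH: N" names the file and the line number to remove.
    # The patterns tolerate a key type before "key" and no space before N.
    file=$(sed -n 's/^Offending .*key in \(.*\): *[0-9][0-9]*$/\1/p' "$warning" | head -n 1)
    line=$(sed -n 's/^Offending .*key in .*: *\([0-9][0-9]*\)$/\1/p' "$warning" | head -n 1)

    if [ -z "$presented" ] || [ -z "$file" ] || [ -z "$line" ]; then
        echo "could not parse the warning text" >&2
        return 2
    fi

    # Only a key change that matches the known-good fingerprint is accepted.
    if [ "$presented" != "$expected" ]; then
        echo "presented fingerprint $presented does not match the expected one;" >&2
        echo "leaving $file unchanged" >&2
        return 1
    fi

    # Keep a backup, then rewrite the file without line N.
    # A redirect is used instead of 'sed -i', which may be unavailable.
    cp -p "$file" "$file.bak" || return 2
    sed "${line}d" "$file.bak" > "$file" || return 2
    echo "removed line $line from $file (backup: $file.bak)"
}

if [ "$#" -eq 2 ]; then
    remove_offending_key "$1" "$2"
fi
```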
Product Details
RSA Product Set: Security Analytics
RSA Product/Service Type: Core Appliance, Event Stream Analysis (ESA), Malware Analysis, Security Analytics Server, Archiver
Platform: CentOS
Summary
A warning message is displayed if there is a key change (normally, if the OS or sshd is reinstalled, the remote host key will change); the old, invalid key then has to be deleted.