- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- SSH RSA key issue " Host verification failed "
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-12-2012 03:18 AM
09-12-2012 03:18 AM
SSH RSA key issue " Host verification failed "
Hi,
When tried to connect to server ( hpux 11.31) thru ssh from a network device, it gives following error message
Add correct host key in /home/scr/.ssh/known_hosts to get rid of this message.
Offending key in /home/scr/.ssh/known_hosts:4
RSA host key for 10.254.29.1 has changed and you have requested strict checking.
Host key verification failed.
I tried the following command
ssh-keygen -F <hostname> -f known_hosts
it didn't pull up the host keys
I thought if it pulls up the host keys, i could remove the same using the following command
ssh-keygen –R rx26-155 -f known_hosts
so the next time when the network device tries to connect, it will prompt for RSA fingerprint and get connected.
Please share your valuable inputs..
Thanks & Regards,
Anand
- Tags:
- ssh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2012 09:41 AM
09-13-2012 09:41 AM
Re: SSH RSA key issue " Host verification failed "
> Offending key in /home/scr/.ssh/known_hosts:4
This indicates the conflicting key is on the 4th line of the /home/scr/.ssh/known_hosts file.
You could remove this line and fix the problem that way.
Alternatively...
> RSA host key for 10.254.29.1 has changed and you have requested strict checking.
The keys in the known_hosts files are indexed both by hostname and by IP address. This message indicates the problem is that the old key is still associated with this IP address.
If you run:
ssh-keygen -F 10.254.29.1 -f /home/scr/.ssh/known_hosts
... it should also find the problematic key for you.
Likewise, this command should be able to remove it for you:
ssh-keygen -R 10.254.29.1 -f /home/scr/.ssh/known_hosts
When OpenSSH did not yet have the hostname/IP hashing enabled by default in the known_hosts file, the problem would have been straightforward to notice and fix, as anyone viewing the contents of the known_hosts file would have easily noticed that each host has two entries: one by name and another by IP. But with modern versions, the hashing feature makes the entries pretty much opaque.
Apparently, the OpenSSH developers have not paid enough attention to updating the documentation to describe this behavior, no doubt because they're all already very familiar with OpenSSH from before, and think of this as "obvious". But if you don't already know how SSH handles the keys and have never seen an unhashed known_hosts file, I guess it's not obvious at all.
The ssh-keygen man page indicates that the -F and -R options take a hostname as a parameter, but a careful reading of the option description reveals hints that an IP address can also be used in place of the hostname.
It might be useful to submit a documentation bug report or even a man page patch to the OpenSSH project for this.