The RSA key on the Openbridge Server was changed and your SSH client is warning you that the discrepancy might be the fault of an attacker.
This guide will help resolve SSH connection issues that produce the following error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is x. Please contact your system administrator.
Add correct host key in /home/ec2-user/.ssh/known_hosts to get rid of this message. Offending RSA key in /home/ec2-user.ssh/known_hosts:222 RSA host key for openbridge.com has changed and you have requested strict checking. Host key verification failed.
Why does this error occur?
This error occurs when the target server you are trying to SSH into has been rebuilt or had it's RSA key changed since the last time you connected to it. Whenever you connect to a server via SSH, that server's public key is stored in your home directory (or possibly in your local account settings if using a Mac or Windows desktop) file called known_hosts .
When you reconnect to the same server, the SSH connection will verify the current public key matches the one you have saved in your known_hosts file. If the server's key has changed since the last time you connected to it, you will receive the above error (or one similar to it).
How to fix the error
While contacting your system administrators when any odd warning message occurs is a good idea, you are safely able to resolve this issue yourself:
First, locate your known_hosts file, and open in a general text editor. The error will often give you the location of the known_hosts file you need to change. In the example above the offending RSA key is located here: /home/ec2-user.ssh/known_hosts:222
Linux and Mac Users
Linux users will find this file in their home directory, in the ~/.ssh/ directory. You use sed to remove the offending line. Run something like sed -i '222d' ~/.ssh/known_hosts which will remove the offending line as reported in our example
Mac users will find this in either their local account's ~/.ssh folder, or their network home directory as with Linux users. You can also run sed -i '222d' ~/.ssh/known_hosts
You can also use the IP address with sed like this sed -i '/1.2.3.4/d' /home/ec2-user/.ssh/known_hosts
Another option is to user ssh-keygen with the -R option. This removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts. If your remote hostname is server.openbridge.com
$ ssh-keygen -R {server.openbridge.com}
$ ssh-keygen -R {ssh.server.ip.address}
ssh-keygen -R {ssh.server.ip.address} -f {/path/to/known_hosts}
$ ssh-keygen -R server.openbridge.comLastly, you can edit your known_hosts with a text editor and remove the offending line. For example, using vi
Type vi ~/.ssh/known_hosts . Go to line 222 and then dd to delete and then wq to save.
Windows Users
Windows users have several places this can be changed. Common places are ~\Users\~\AppData\Roaming\_ssh\ or the SSH client's configuration settings. This also might be in a location like C:\Users\username\.ssh or C:\cygwin64\home\bob\.ssh\known_hosts . The specific location will be a function of your Windows environment.
Similar to the Mac and Linux examples, you want to remove the offending SSH key reference:
Remove the line containing the host name of the server you failed to connect to. In the example above,
:222indicates the server is on line222of theknown_hostsfile
Save the
known_hostsfile after removing the offending key line
Attempt to establish the SSH connection again. Once connected, you will see a new entry is created for the server in your
known_hostsfile
The next time you attempt to log in, SSH should tell you that the host key is unknown and ask if you want to connect and save the new key.