print friendly version

Questions and answers

2761
How can I connect to a secure shell session if I get a notification that its identification has changed?


When you connect to a remote UNIX or Linux service using secure shell (ssh), you might receive a warning like this one if the service has moved to a different server:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for unix.sussex.ac.uk has changed,
and the key for the corresponding IP address 139.184.24.22
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


Because the location of the service has changed since the last time you connected, your computer warns you to check before you continue as it could mean that someone is trying to redirect you to a fraudulent service. However, this also happens if the service is relocated, as when the unix.sussex.ac.uk server was moved to a different machine in March 2018.

To continue with the connection on a Mac or Linux computer, you have to first remove the existing fingerprint of the server from your known_hosts file. You can do this for unix.sussex.ac.uk using the following command:

ssh-keygen -R unix.sussex.ac.uk


or this command to remove all keys for a server with a name starting with "unix":

sed '/^unix/ d' ~/.ssh/known_hosts

Help us to improve this answer

Please suggest an improvement
(login needed, link opens in new window)

Your views are welcome and will help other readers of this page.

Categories

This is question number 2761, which appears in the following categories:

Created by David Guest on 12 November 2015 and last updated by Alexander Butler on 12 March 2018