000032281 - How To fix offending key in ~/.ssh/known_hosts file on RSA Security Analytics appliances

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000032281
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Core Appliance, Event Stream Analysis (ESA), Malware Analysis, Security Analytics Server, Archiver
Platform: CentOS
Issue: When attempting to connect to an appliance via SSH, the message below is displayed.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
a7:a8:f2:97:94:33:58:b7:9d:bc:e0:a6:6b:f7:0a:29.
Please contact your system administrator.
Add correct host key in /home/ramesh/.ssh/known_hosts to get rid of this message.
Offending key in /home/ramesh/.ssh/known_hosts: 6
Permission denied (publickey,password).
Cause: This can happen due to a host key change, either because the OS or sshd was reinstalled, or because the IP address now points to a different appliance.
Workaround: To resolve the issue, you must remove the offending key from the known_hosts file.
Use the command below to remove the offending key, replacing 6 with the line number given in the "Offending key" line of the error above.

sed -i '6d' ~/.ssh/known_hosts

If the installed sed package on the appliance does not have the -i option, use the vi text editor to remove the offending key from the file.
Alternatively, the Perl one-liner below can be used. Again, replace 6 with the appropriate line number from the error.

perl -pi -e 's/\Q$_// if ($. == 6);' ~/.ssh/known_hosts
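
The workaround above as a guarded script, added here as an example and not part of RSA's article: it reads the line number and fingerprint from the warning text, removes the entry only when the reported fingerprint equals one read out of band from the appliance, and avoids sed -i. The function names and the out-of-band comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example, not RSA's code; function names are hypothetical.

# Warning text as shown on this page (trimmed to the lines the functions read).
SAMPLE_WARNING='The fingerprint for the RSA key sent by the remote host is
a7:a8:f2:97:94:33:58:b7:9d:bc:e0:a6:6b:f7:0a:29.
Offending key in /home/ramesh/.ssh/known_hosts: 6'

# Print the line number from "Offending key in FILE: N" (stdin). Also accepts
# the newer "Offending RSA key in FILE:N" wording.
offending_line() {
    sed -n 's/^Offending .*key in .*: *\([0-9][0-9]*\)$/\1/p' | head -n 1
}

# Print the fingerprint ssh reported for the key the host now presents (stdin).
reported_fingerprint() {
    sed -n '/^The fingerprint for the .* key sent by the remote host is/{n;s/\.$//;p;}' |
        head -n 1
}

# Remove line $2 from known_hosts file $1, but only when the fingerprint ssh
# reported ($3) equals the one read out of band from the appliance ($4).
# Prints the removed entry and keeps the previous file as $1.bak.
remove_offending_key() {
    file=$1 line=$2 reported=$3 expected=$4
    case $line in
        ''|*[!0-9]*) echo "bad line number: $line" >&2; return 2 ;;
    esac
    if [ "$reported" != "$expected" ]; then
        echo "fingerprint mismatch, leaving $file untouched" >&2
        return 1
    fi
    total=$(($(wc -l < "$file")))
    if [ "$line" -lt 1 ] || [ "$line" -gt "$total" ]; then
        echo "$file has no line $line" >&2
        return 2
    fi
    cp -p "$file" "$file.bak" || return 2
    sed -n "${line}p" "$file.bak"
    # Redirect instead of sed -i, which the installed sed may not support.
    sed "${line}d" "$file.bak" > "$file"
}
```

The expected fingerprint can be read on the appliance console with ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub (the default host key location on CentOS).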
