In this article, I will show you how to resolve the “host key verification failed” error in Linux. Many of you use the ssh protocol to access remote hosts in Linux, and many of you have also seen this “host key verification failed” error while trying to connect to a remote server with ssh-based commands. The error usually occurs when the remote host has changed its key for some reason, so the key it presents no longer matches the one stored in your known_hosts file. We will now go through the 2 different methods given below to fix this issue.
SSH “Host Key Verification Failed” Error in Linux
In this example we have 2 different hosts to demonstrate the "host key verification failed" error in Linux:
192.168.0.100
192.168.0.106
Here we are trying to copy the ssh public key from one host (192.168.0.100) to another host (192.168.0.106) using the ssh-copy-id command, as you can see below. As with many ssh errors, the first thing to try in this situation is to connect to the remote host with a simple ssh command and check whether the error is still thrown.
root@localhost:~# ssh-copy-id root@192.168.0.106
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ED25519 key sent by the remote host is
ERROR: SHA256:mx1ctmvoleWzmA3kVqOr+H9uIMQFPsK9eTXlnJ5fnGA.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /root/.ssh/known_hosts:5
ERROR: remove with:
ERROR: ssh-keygen -f "/root/.ssh/known_hosts" -R "192.168.0.106"
ERROR: ED25519 host key for 192.168.0.106 has changed and you have requested strict checking.
ERROR: Host key verification failed.
NOTE: All the commands below are run as the root user. You can use any user with sudo access to run these commands. For more information, please check Step by Step: How to Add User to Sudoers to provide sudo access to the user.
Now we try to connect to the remote host (192.168.0.106) using the ssh command, but we see the same error here as well.
root@localhost:~# ssh root@192.168.0.106
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:mx1ctmvoleWzmA3kVqOr+H9uIMQFPsK9eTXlnJ5fnGA.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:5
remove with:
ssh-keygen -f "/root/.ssh/known_hosts" -R "192.168.0.106"
ED25519 host key for 192.168.0.106 has changed and you have requested strict checking.
Host key verification failed.
Method 1: Remove the old Key manually
We first need to check the known_hosts file and identify the line that needs to be removed. As shown in the above output, the offending ECDSA key is on line 5.
root@localhost:~# vi /root/.ssh/known_hosts |1|5CmiAXPuYGM70G8z3heGuwoSs7E=|jkGqOlPtgJ2mZbAzAq/AJNADN3I= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAPzd/8/PhIgKU3FIPVEUwIyoQHOt8eJoABt0RaufdVrrPnFHHSQ6jXBRV9hSkamZSGBHPsmE3f/dY7tnpHoZUM= |1|xHNRVs6McL0Gp80pV7a+ljscOLE=|gTJY5lhzrj4QYaBD9JA3UflX/lM= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAPzd/8/PhIgKU3FIPVEUwIyoQHOt8eJoABt0RaufdVrrPnFHHSQ6jXBRV9hSkamZSGBHPsmE3f/dY7tnpHoZUM= |1|CBAvhjKLrxeAAzM2uT8J4szRSps=|HI5xiBZaeanE8crsBtzLKBmAqXs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAPzd/8/PhIgKU3FIPVEUwIyoQHOt8eJoABt0RaufdVrrPnFHHSQ6jXBRV9hSkamZSGBHPsmE3f/dY7tnpHoZUM= |1|Db8TGhcXNuKRxXXwNCwjqSt1/uU=|mo9PyxWR3TIQlwud9frNGRcPWe8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAPzd/8/PhIgKU3FIPVEUwIyoQHOt8eJoABt0RaufdVrrPnFHHSQ6jXBRV9hSkamZSGBHPsmE3f/dY7tnpHoZUM= |1|q5/RG/dsqu+dE74tZIlw8e1ChqE=|nB0ZXIXI4K1yurS7UDC3OPfpXPI= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNqUWv4MFC3F1saxTSdfKq7hsQrpYnndhtYKS3o9mye18Wlj9eQVioFJfjklV+k2/tyh44edzobcBbxSRIsxvb8= |1|AyDcLMMCoc+AHSDzIyc8pPR0dHk=|6xF+Gxzl3GwwWDwA6BMUhCtayI0= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGozD0jj2XM/ZDyI0Zo1M90Z3phgG2df2bWy166hAl5xvRGiI8gFP+G1ScJ8uRZr9AiFFGWBDWQIO/VBtmjR7Gg= |1|3Yp+dAPXHBMy9vu5me5SsB1J3vM=|UExr+SJXdZmOSC8y4CBnOr5taqc= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFavUGGTHtoc82HQuv0u6DEEZrabdcGc8l3qjgoacRx0gvVtr5PFKHtBpGwfsuxkDxjGw5ve4cLanT9iDzRLwK0= |1|AytaU8PXh+Lbjz5WxyWIEB/rGiE=|dusFRGTKPdkY997X+n+BMW1uQSM= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA4Lyy04vbYabkqH3V2226NKohEcKoIOjnPhWDLjBr/8Fag94xwUEAbOyWOrpFh7MfAXWW58iaq/k49CPYXP5ss=
So from the above file we need to delete line 5, using the sed -i '5d' ~/.ssh/known_hosts command as shown below.
root@localhost:~# sed -i '5d' ~/.ssh/known_hosts
Now if you check the /root/.ssh/known_hosts file again, you can see from the output below that line 5 has been deleted.
root@localhost:~# cat ~/.ssh/known_hosts |1|5CmiAXPuYGM70G8z3heGuwoSs7E=|jkGqOlPtgJ2mZbAzAq/AJNADN3I= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAPzd/8/PhIgKU3FIPVEUwIyoQHOt8eJoABt0RaufdVrrPnFHHSQ6jXBRV9hSkamZSGBHPsmE3f/dY7tnpHoZUM= |1|xHNRVs6McL0Gp80pV7a+ljscOLE=|gTJY5lhzrj4QYaBD9JA3UflX/lM= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAPzd/8/PhIgKU3FIPVEUwIyoQHOt8eJoABt0RaufdVrrPnFHHSQ6jXBRV9hSkamZSGBHPsmE3f/dY7tnpHoZUM= |1|CBAvhjKLrxeAAzM2uT8J4szRSps=|HI5xiBZaeanE8crsBtzLKBmAqXs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAPzd/8/PhIgKU3FIPVEUwIyoQHOt8eJoABt0RaufdVrrPnFHHSQ6jXBRV9hSkamZSGBHPsmE3f/dY7tnpHoZUM= |1|Db8TGhcXNuKRxXXwNCwjqSt1/uU=|mo9PyxWR3TIQlwud9frNGRcPWe8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAPzd/8/PhIgKU3FIPVEUwIyoQHOt8eJoABt0RaufdVrrPnFHHSQ6jXBRV9hSkamZSGBHPsmE3f/dY7tnpHoZUM= |1|AyDcLMMCoc+AHSDzIyc8pPR0dHk=|6xF+Gxzl3GwwWDwA6BMUhCtayI0= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGozD0jj2XM/ZDyI0Zo1M90Z3phgG2df2bWy166hAl5xvRGiI8gFP+G1ScJ8uRZr9AiFFGWBDWQIO/VBtmjR7Gg= |1|3Yp+dAPXHBMy9vu5me5SsB1J3vM=|UExr+SJXdZmOSC8y4CBnOr5taqc= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFavUGGTHtoc82HQuv0u6DEEZrabdcGc8l3qjgoacRx0gvVtr5PFKHtBpGwfsuxkDxjGw5ve4cLanT9iDzRLwK0= |1|AytaU8PXh+Lbjz5WxyWIEB/rGiE=|dusFRGTKPdkY997X+n+BMW1uQSM= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA4Lyy04vbYabkqH3V2226NKohEcKoIOjnPhWDLjBr/8Fag94xwUEAbOyWOrpFh7MfAXWW58iaq/k49CPYXP5ss=
Method 2: Remove Known Hosts Using ssh-keygen command
Another method is to use the ssh-keygen command to resolve this error. You can remove the remote host's entry from the known_hosts file using the ssh-keygen command below.
root@localhost:~# ssh-keygen -f "/root/.ssh/known_hosts" -R "192.168.0.106"
# Host 192.168.0.106 found: line 5
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
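You can use either of the above methods to remove the host key and then try connecting again. With the same ssh command you can connect to the remote host and see that the "host key verification failed" error no longer appears. Because ssh cannot tell a legitimately changed key from a host that is being impersonated, compare the fingerprint shown in the prompt with one obtained from the server's administrator before answering yes.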
root@localhost:~# ssh root@192.168.0.106
The authenticity of host '192.168.0.106 (192.168.0.106)' can't be established.
ED25519 key fingerprint is SHA256:mx1ctmvoleWzmA3kVqOr+H9uIMQFPsK9eTXlnJ5fnGA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.106' (ED25519) to the list of known hosts.
Password:
Last login: Sat May 23 23:54:31 2020 from 192.168.0.101
NOTE: system has 1 active alert; run 'fmadm list' for details.
Oracle Corporation SunOS 5.11 11.4 Aug 2018
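Both methods delete the stored key without checking that the new key is genuine. The sketch below is an added example, not code from the original article: it locates the entries for a host in a hashed known_hosts file (the |1|salt|hash form seen in the listing above) by content rather than by line number, and only reports them for removal when the fingerprint ssh presented equals one obtained out of band. The function names, sample keys and sample file are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def hash_host(host, salt):
    """Build a HashKnownHosts field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (hashed or plain) names this host."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hash_host(host, salt))
    return host in field.split(",")

def fingerprint(key_b64):
    """Fingerprint as ssh prints it: SHA256: + unpadded base64 of SHA-256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(known_hosts, host, trusted_fp):
    """Return (line_no, key_type, status) for every key stored for host."""
    report = []
    for no, line in enumerate(known_hosts.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or line.startswith(("#", "@")):
            continue  # blank line, comment, or @revoked/@cert-authority marker
        if host_matches(parts[0], host):
            status = "trusted" if fingerprint(parts[2]) == trusted_fp else "stale"
            report.append((no, parts[1], status))
    return report

def verdict(known_hosts, host, presented_fp, trusted_fp):
    """Allow replacement only when the presented key is the one verified out of band."""
    if presented_fp != trusted_fp:
        return ("investigate", [])
    stale = [no for no, _, s in audit(known_hosts, host, trusted_fp) if s == "stale"]
    return ("replace", stale)

def blob(key_type, raw):
    """Constructed sample key blob: length-prefixed type and key bytes, base64 encoded."""
    out = b"".join(struct.pack(">I", len(p)) + p for p in (key_type.encode(), raw))
    return base64.b64encode(out).decode()

# Constructed sample data (not the keys shown on this page).
OLD_KEY = blob("ssh-ed25519", bytes(range(32)))
NEW_KEY = blob("ssh-ed25519", bytes(range(32, 64)))
KNOWN_HOSTS = "\n".join([
    hash_host("192.168.0.100", b"A" * 20) + " ssh-ed25519 " + NEW_KEY,
    hash_host("192.168.0.106", b"B" * 20) + " ssh-ed25519 " + OLD_KEY])
TRUSTED_FP = fingerprint(NEW_KEY)  # stands in for the value read from the server console
```

With the sample data, verdict(KNOWN_HOSTS, "192.168.0.106", TRUSTED_FP, TRUSTED_FP) reports line 2 as the stale entry to remove, while a presented fingerprint that differs from the trusted one yields "investigate" and leaves known_hosts alone.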
There is one more way to avoid the "host key verification failed" error: disabling the host key check. This can be done by setting the StrictHostKeyChecking option to no when using the ssh command to connect to the remote host, as in the example below.
root@localhost:~# ssh -o 'StrictHostKeyChecking no' root@192.168.0.106
NOTE: Do not set StrictHostKeyChecking to no without knowing your system completely, as this might create a major security breach and make your system vulnerable to Trojan attacks. By default you will see this option set to yes.
Now we are able to log in to the remote host. So let’s try to copy the public key again, but before that we need to exit from the remote host using the exit command.
root@localhost:~# exit
logout
Connection to 192.168.0.106 closed.
As before, we will again try to copy the ssh public key to the remote host 192.168.0.106 using the ssh-copy-id root@192.168.0.106 command and see if it works this time.
root@localhost:~# ssh-copy-id root@192.168.0.106
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.0.106'"
and check to make sure that only the key(s) you wanted were added.
From the above output, you can see that it is working fine now and no other error is visible.