Host key verification failed

Unanswered Question
Sep 2nd, 2009
User Badges:

When I SSH to a Cisco IPS from my MARS I get the following message -

ssh x.x.x.x


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!


Someone could be eavesdropping on you right now (man-in-the-middle attack)!


It is also possible that the DSA host key has just been changed.


The fingerprint for the DSA key sent by the remote host is (intentionally removed).


Please contact your system administrator.


Add correct host key in /opt/janus/release/bin/.ssh/known_hosts to get rid of this message.


Offending key in /opt/janus/release/bin/.ssh/known_hosts:1


DSA host key for x.x.x.x has changed and you have requested strict checking.


Host key verification failed."



I *really* need to get this IPS reporting to the MARS as soon as possible and this is preventing it. How do I add the correct host key in the known hosts file on the MARS? BTW, it says I have requested strict checking but if they are referring to the ssl/ssh settings they are set to automatically always accept. Also, I do not have access to the IPS to generate another key (if this would even help). I have opened a TAC case but we all know how long they can take to make contact.

Any help is GREATLY appreciated!

Cheers,

Jeremy

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Mohamed Salah Wed, 06/26/2013 - 03:32
User Badges:

This seems to have been ignored by all parties it seems, not sure if you (jeremy) resolved this issue and forgot you put it up. I recently had this issue and didnt have clue what was causing it...


So here we go:

The out put was generated by my local linux (server).  Exactly the same as above..


Step 1

I first made sure i configured ssh correctly (waste of time but good refresher for me)... http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml


Step 2

Clear the known hosts file


The error message had the answes...just did not know where to look...


"The fingerprint for the DSA key sent by the remote host is (intentionally removed)." - someone generated a new rsa key in my case..


"Offending key in /opt/janus/release/bin/.ssh/known_hosts:1" local key doesnt match so i had to clear it...


ssh-keygen -R hostname/ipaddress


Step 3

Try reconnect again ---


The authenticity of host 'switch1 (192.168.1.101)' can't be established.

RSA key fingerprint is zzzzzzzzzzzzzzzzzzzzzzzzzzzzzxxxxxxxxx.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'switch1,192.168.1.101' (RSA) to the list of known hosts.



I hope this helps anyone having this issue..

Actions

This Discussion