In an attempt to modernize our SSH infrastructure, we’ve made some changes to SSH keys on our Linux computers. We’ve disabled DSA host keys, and enabled new ECDSA and ED25519 host keys. This process took a few days, and during that time a few hosts had their keys changed.
If you are experiencing problems trying to SSH into a host after these changes, you might get an error message like the following:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ED25519 key sent by the remote host is SHA256:X+qjwlNGa8PQfJigOEpdY2iAAkJuqbSVGTKg0+bk+P0. Please contact your system administrator. Add correct host key in /Users/me/.ssh/known_hosts to get rid of this message. Offending RSA key in /Users/me/.ssh/known_hosts:2 ED25519 host key for mo.ece.pdx.edu has changed and you have requested strict checking. Host key verification failed.
The format of the message will vary from platform to platform but the basic idea of the message will be similar. The important line here is:
Offending RSA key in /Users/me/.ssh/known_hosts:2
.
This indicates the file you are going to have to change (/Users/me/.ssh/known_hosts) and a line number (2) that you are going to need to delete. If you delete that line from that file and save, you should be able to SSH into the computer you were trying to connect to again.
If this doesn’t work or you’re still having issues, please contact us at support@cat.pdx.edu or by joining us on our support chat at https://support.cat.pdx.edu.
If you want to verify that you are connecting to the real host, you can verify our ssh host public keys at https://intranet.cecs.pdx.edu/info/ssh_known_hosts