Linux Tactic

Fixing the Host Key Verification Failed Error in SSH

The Host key verification failed error is a common error when establishing an SSH connection with a remote server. This error occurs when the remote server’s public host key has changed, and the known_hosts file on the client machine still contains the old key.

In this article, we will explore the SSH connection establishment process, the reasons for this error, and the different ways to fix it.

SSH Connection Establishment Process

Before we dive into the error itself, let’s understand the SSH connection establishment process. When you try to establish an SSH connection with a remote server, your client machine will request the remote server’s public host key.

The client machine will check its known_hosts file to see if it already has this key. If the key is not found, the client machine will ask the user to verify the key’s authenticity by comparing the key’s fingerprint with the one provided by the server.

If the key fingerprints match, the client machine will add the key to its known_hosts file and establish a connection.

Reasons for the Host Key Verification Failed Error

There are several reasons why you might encounter the Host key verification failed error. One of the most common reasons is a changed remote host key.

This could happen when the remote server’s SSH configuration has changed or when the server has been rebuilt. Another reason could be that the known_hosts file on the client machine has been corrupted or modified by a third party.

Error Message Details

When you encounter the Host key verification failed error, the error message will typically contain the remote server IP address, the line number in the known_hosts file where the error occurred, and the offending key. For example:

“$ ssh remote_server

The authenticity of host ‘remote_server (192.168.0.55)’ can’t be established.

ECDSA key fingerprint is SHA256:abhvzdjblruekjsahfvnbvkerfgzweoiwur. Are you sure you want to continue connecting (yes/no)?

no

Host key verification failed. “

This message tells us that the server at IP address 192.168.0.55 has an ECDSA key with the fingerprint SHA256:abhvzdjblruekjsahfvnbvkerfgzweoiwur, and that the user chose to abort the connection.

Fixing the Host Key Verification Failed Error

There are several ways to fix the Host key verification failed error. In this section, we will cover three common methods for resolving this error.

Using the sed command

One way to fix the Host key verification failed error is to modify the known_hosts file using the sed command. The sed command allows us to modify files’ contents by substituting one string with another.

We can use this command to delete the line that contains the offending host key. To delete a line from the known_hosts file using the sed command, follow these steps:

1.

Open a terminal window. 2.

Type the following command, replacing offending_key with the key you want to remove:

“`

$ sed -i ‘/offending_key/d’ ~/.ssh/known_hosts

“`

This command will delete the line that contains the offending_key from the known_hosts file. Be sure to replace offending_key with the actual key you want to remove.

Manually Editing the known_hosts File

Another way to fix the Host key verification failed error is to manually edit the known_hosts file. We can use a text editor like nano to open the file and delete the offending line.

To remove a line from the known_hosts file using the nano text editor, follow these steps:

1. Open a terminal window.

2. Type the following command to open the known_hosts file in the nano editor:

“`

$ nano ~/.ssh/known_hosts

“`

3.

Navigate to the line that contains the offending host key. 4.

Press the delete key to remove the line. 5.

Press Ctrl + X to exit nano and save the changes.

Removing the Server Using ssh-keygen Command

A third way to fix the Host key verification failed error is to use the ssh-keygen command to remove the offending host key. To remove a host key using the ssh-keygen command, follow these steps:

1.

Open a terminal window. 2.

Type the following command, replacing remote_server with the name or IP address of the server whose key you want to remove:

“`

$ ssh-keygen -R remote_server

“`

This command will remove the key for the remote_server from your known_hosts file, allowing you to establish a new connection to the server.

Conclusion

In conclusion, the Host key verification failed error is a common error when establishing an SSH connection with a remote server. This article explored the SSH connection establishment process, the reasons for this error, and the different ways to fix it.

By using the sed command, manually editing the known_hosts file, or removing the offending key using the ssh-keygen command, you can resolve this error and connect to your remote server securely. When establishing an SSH connection to a remote server, you may encounter the Host key verification failed error.

This error occurs when the remote server’s public key has changed and does not match the key stored in the known_hosts file on your client machine. In this article, we have covered the SSH connection process, reasons for this error, and ways to fix it.

In this expansion, we will go into further detail on the causes of this error and the different methods to fix it.

Cause of Host Key Verification Error

The Host key verification failed error can occur due to different reasons such as server key changes, network issues, and a mismatch between remote server and client machine. The most common issue that causes this error is a changed remote host key.

This change can happen when the remote server’s SSH configuration has changed, or when the server has been rebuilt. Another cause could be that the known_hosts file on the client machine has been corrupted or modified by a third party.

An additional reason for this error is network problems. For example, if there is a Man-in-the-Middle (MitM) attack or an improperly configured firewall, it can interfere with the SSH connection.

A MitM attack can occur when an attacker intercepts your connection and impersonates the remote server. This attack could also lead to the Host key verification failed error since the public key provided by the attacker will be different from the one stored in the known_hosts file.

Configuring a server’s firewall to block SSH connections can also cause this error.

Solution to Fix the Error

There are different methods to fix the Host key verification failed error. Let’s discuss these methods in more detail, starting with the removal of the offending host.

Removing the Offending Host

The simplest way to resolve the Host key verification failed error is to remove the offending host from the known_hosts file manually. There are different text editors you can use to open the known_hosts file on your client machine.

One widely used editor is Nano. You can open the file by typing the following command in the terminal:

“`

nano ~/.ssh/known_hosts

“`

Once you have opened the file, you can remove the offending host key by deleting the line that contains it.

This method is straightforward and requires no scripting or command-line knowledge. However, it is not the best solution if you have multiple known_hosts files, or if you need to remove multiple offending hosts.

Using the ssh-keygen Command

The ssh-keygen command is a built-in Unix utility that is used to generate, manage, and remove SSH keys. This command can also be used to remove the offending host key.

Here’s how to use this command:

“`

ssh-keygen -R remote_host

“`

The ssh-keygen command removes the host key for remote_host from the known_hosts file. This command only removes the host key for a single host.

However, you can enter several remote hosts separated by a space, as shown below:

“`

ssh-keygen -R remote_host1, remote_host2, remote_host3

“`

This command will remove the host key for remote_host1, remote_host2 and remote_host3 from the known_hosts file. This method is useful if you only have a few machines to remove, but it can be time-consuming if you have many.

Using the sed Command

The sed command can be used to remove the offending host key automatically. This command allows you to automate the process of removing multiple offending hosts from the known_hosts file.

Here’s how to use the sed command:

“`

sed -i ‘/offending_key/d’ ~/.ssh/known_hosts

“`

The sed command removes the line that contains the offending_key from the known_hosts file. This command only removes the offending host for a single host.

However, you can use a script to remove multiple hosts at once. In this example, we will create a script to remove multiple hosts at once.

The following script reads a list of offending hosts from a file named offending_hosts.txt and removes them from the known_hosts file:

“`

while read -r line; do

sed -i “/$line/d” ~/.ssh/known_hosts

done < offending_hosts.txt

“`

This script reads each line in the file named offending_hosts.txt and substitutes it for a variable named line. The sed command then removes the line that contains the host key for the variable named line from the known_hosts file.

This method is useful if you have many offending hosts to remove. In conclusion, the Host key verification failed error can occur due to different reasons such as changed remote host key, network problems, and mismatch between remote server and client machine.

The best way to fix this error depends on the number of offending hosts you have to remove and your expertise. You can manually remove the offending host, use the ssh-keygen command to remove the key, or use the sed command to remove multiple offending hosts at once.

With the information provided in this article, you should be able to resolve the Host key verification failed error and establish an SSH connection with your remote server. In conclusion, the Host key verification failed error is a common issue that occurs when trying to establish an SSH connection with a remote server.

This error is caused by a changed remote host key and can be fixed by removing the offending host or modifying the known_hosts file with the ssh-keygen or sed commands. It’s crucial to ensure that stored keys are verified to establish a safe connection between the host and the client machine.

Maintaining security and ensuring the integrity of the connection is crucial for protecting sensitive information. By following the steps outlined in this article, users can quickly resolve this error and protect their data.

Popular Posts