# SSH security failure fix?



## NovaScotian (Feb 23, 2004)

Having recently moved the system on a remote machine to another HD, now when I try to start an SSH session I get this message:
```
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is (16 hex numbers separated by colons).
Please contact your system administrator.
Add correct host key in /Users/themachine/.ssh/known_hosts to get rid of this message.
Offending key in /Users/mymachine/.ssh/known_hosts:1
RSA host key for 192.168.1.4 has changed and you have requested strict checking.
Host key verification failed.
```
What do I do about this, or at least where do I find out what to do?


----------



## rhg (Feb 23, 2004)

You still have the old RSA host key cached, although the remote machine obviously has a new key in the meantime. To fix this, edit the .ssh/known_hosts file in your home directory, as said in the message. In this file, locate the offending key (it is a single text line prefixed with the remote machine's name and/or IP address) and delete it.


----------



## NovaScotian (Feb 23, 2004)

As a relative newbie to this, I'm twice confused.

1) Which machine am I sitting at when I do this - the remote host or the client? In which of them is the change needed?

2) In a terminal session (client), if I type: vi .ssh/known_hosts, I get a page of tildes, but nothing else, presumably because an administrator is not supposed to change these (only root?). Should I enter: sudo vi .ssh/known_hosts to see the contents of the file? Is there a strong risk of screwing up something important?

Thanks


----------



## rhg (Feb 23, 2004)

The machine where you sit and type ssh or scp is the client. This is the one where you should edit the .ssh/known_hosts file. BTW, since it is located in your home directory it is owned by you, not the superuser, so you are allowed to edit it.

If vi is just showing tildes, try the following:

```
cat .ssh/known_hosts
```

This should display the keys of all hosts you already connected to with ssh.

In case it shouldn't be possible to edit the file, you can just as well simply delete it. It will be rebuilt once you connect to a remote machine with ssh again. Deleting the file will cure your problem for sure.


----------



## rhg (Feb 23, 2004)

Another thing. If you only see tildes in vi, try to move down in the file with the arrow keys until you see the file's contents. The tildes are displayed whenever a single line is too long to fit on a page.


----------



## NovaScotian (Feb 23, 2004)

Thanks;

It's clear that I should stay away from the Terminal. Cat worked fine, but trying to remove the file simply got me a no such file response even though I had copied the file name from the message. In vi I just got tildes with nothing following, but I think it was creating a new file so it wasn't finding it either.

Finally, the brute force solution: I booted into OS 9.2.2, found the file in the OS X partition with Sherlock, and trashed it - pretty ugly, but effective. That solved the problem, of course, and SSH is reauthenticated for that machine. Seems I'll have to stick to my trusty G4 because I couldn't have done that to a G5.


----------



## naodx (Feb 23, 2004)

Try typing vi ~/.ssh/known_hosts at the command line.

This will ensure that you are working with the copy in your Users folder.

If all you are seeing are tildes ~ when you invoke vi (vim actually), then yes, you are creating a new file.


----------



## lurk (Feb 24, 2004)

One thing is that the file in question could also have been ~/.ssh/known_hosts2 depending on the protocol of the remote machine.


----------



## bob@bomar.us (Mar 14, 2004)

Make sure that ~/.ssh/known_hosts is rw by your user.

When you moved the remote machine, did you change the /etc/ssh/ssh_host_*_key files?  If you did then you need the new key, if not then there is a problem.


----------



## robfwauk (Jul 3, 2008)

If you are only seeing tildes then you have tried to open a file that does not exist.  I use that method to create a file instead of the touch command.


----------
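
Added example, not from any poster in this thread: a POSIX shell function that removes only the entry named in the warning's `Offending key in FILE:N` line, after checking that the line really belongs to the expected host, so the other pinned keys in `known_hosts` are kept and a backup is left behind. The function name `remove_offending` is hypothetical, and it assumes unhashed `known_hosts` entries (host names in the first field).

```shell
#!/bin/sh
# Added example. Usage (values taken from the warning quoted above):
#   remove_offending "Offending key in /Users/mymachine/.ssh/known_hosts:1" 192.168.1.4

remove_offending() {
    warning=$1   # the "Offending key in FILE:N" line from the ssh warning
    host=$2      # the host you were connecting to

    # Strip the prefix; the pattern also accepts wordings such as
    # "Offending RSA key in", then split FILE:N at the last colon.
    spec=${warning#Offending*key in }
    file=${spec%:*}
    lineno=${spec##*:}
    case $lineno in
        ''|*[!0-9]*) echo "cannot parse line number" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Refuse to delete unless line N really lists the expected host.
    # Assumption: unhashed entries, i.e. "host1,host2 keytype key".
    hosts=$(sed -n "${lineno}p" "$file" | cut -d' ' -f1)
    case ",$hosts," in
        *",$host,"*) ;;
        *) echo "line $lineno is not an entry for $host" >&2; return 1 ;;
    esac

    # Keep a backup, then rewrite the file without line N.
    cp -p "$file" "$file.bak" || return 2
    tmp=$file.tmp.$$
    sed "${lineno}d" "$file.bak" > "$tmp" && mv "$tmp" "$file" || return 2
    chmod 600 "$file"
}
```

Before accepting the new key on the next connection, compare the fingerprint ssh displays with the output of `ssh-keygen -l -f` run against the host's public key file (`ssh_host_rsa_key.pub`) on the remote machine's own console.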

