I've reinstalled my server and I am getting these messages:

[user@hostname ~]$ ssh root@pong
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
6e:45:f9:a8:af:38:3d:a1:a5:c7:76:1d:02:f8:77:00.
Please contact your system administrator.
Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for pong has changed and you have requested strict checking.
Host key verification failed.

I have tried various solutions that I found on the internet. My known_hosts file (normally in ~/.ssh/known_hosts) is in /var/lib/sss/pubconf/known_hosts. I've tried to edit it, but it remains in one state. I have installed ipa-client and have Fedora 19. How do I resolve this warning?

All the answers answered so far works only if you do not have Freeipa installed.

Right answer for freeipa in comments below from adrin here.

Here is the simplest solution

ssh-keygen -R <host>

For example,

ssh-keygen -R 192.168.3.10

From ssh-keygen man page:

• -R hostname Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts (see the -H option above).

use

ssh-keygen -R hostname

An example with an ip address/hostname would be:

ssh-keygen -R 168.9.9.2

This will update the offending of your host from the known_hosts

I had this same error occur after I recreated a Digital Ocean Ubuntu image. I used the following command with my server IP in place of [IP_ADDRESS]

ssh-keygen -R [IP_ADDRESS]

When you reinstall the server its identity changes, and you'll start to get this message. Ssh has no way of knowing whether you've changed the server it connects to, or a server-in-the-middle has been added to your network to sniff on all your communications - so it brings this to your attention.

Simply remove the key from known_hosts by deleting the relevant entry:

sed '4d' -i /var/lib/sss/pubconf/known_hosts

The 4d is on the account of Offending RSA ...known_hosts:4

The sledgehammer is to remove every known host in one fell swoop:

rm ~/.ssh/known_hosts

I come up against this as we use small subnets of short-lived servers from a jump box, and frequently have internal IP address reuse of servers that share the same ssh key.

The problem is that you've previously accepted an SSH connection to a remote computer and that remote computer's digital fingerprint or SHA256 hash key has changed since you last connected. Thus when you try to SSH again or use github to pull code, which also uses SSH, you get an error. Why? Because you're using the same remote computer address as before but the remote computer is responding with a different fingerprint. Therefore, it's possible that someone is spoofing the computer you previously connected to. This is a security issue.

If you're 100% sure that the remote computer isn't compromised, hacked, being spoofed, etc then all you need to do is delete the entry in your known_hosts file for the remote computer. That will solve the issue as there will no longer be a mismatch with SHA256 fingerprint IDs when connecting.

On Mac here's what I did:

1) Find the line of output that reads RSA host key for servername:port has changed and you have requested strict checking. You'll need both the servername and potentially port from that log output.

2) Back up the SSH known hosts file cp /Users/yourmacusername/.ssh/known_hosts /Users/yourmacusername/.ssh/known_hosts.bak

3) Find the line where the computer's old fingerprint is stored and delete it. You can search for the specific offending remote computer fingerprint using the servername and port from step #1. nano /Users/yourmacusername/.ssh/known_hosts

4) CTRL-X to quit and choose Y to save changes

Now type ssh -p port servername and you will receive the original prompt you did when you first tried to SSH to that computer. You will then be given the option to save that remote computer's updated SHA256 fingerprint to your known_hosts file. If you're using SSH over port 22 then the -p argument is not necessary.

Any issues you can restore the original known_hosts file: cp /Users/yourmacusername/.ssh/known_hosts.bak /Users/yourmacusername/.ssh/known_hosts

As many have already said, use ssh-keygen, i.e.

ssh-keygen -R pong

Also, you may like to consider temporarily turning off host key checking:

ssh -oStrictHostKeyChecking=no root@pong

I used the solution of mockinterface, though the sed -i didn't quite work I solved it by deleting the line by hand with vim:

sudo vim /var/lib/sss/pubconf/known_hosts

You can use any other text editor you want, but probably you'll need to show your administrative privileges

Works for me!

Error: Offending RSA key in /var/lib/sss/pubconf/known_hosts:4

This indicates you have an offending RSA key at line no. 4

Solution 1:

1. vi /var/lib/sss/pubconf/known_hosts

2. remove line no: 4.

3. Save and Exit, and Retry.

Solution 2:

ssh-keygen -R "you server hostname or ip"

OR

Solution 3:

sed -i '4d' /root/.ssh/known_hosts

This will remove 4th line of /root/.ssh/known_hosts in place(-i).

This is because your remote computer settings have changed. Remove your current keys for that.

vim /root/.ssh/known_hosts

Delete the line of the IP you are connecting.

The other answers here are good and working, anyway, I solved the problem by deleting ~/.ssh/known_hosts. This certainly solves the problem, but it's probably not the best approach.

In my case it happened because I previously had ssh connection with a machine with same ip(say 192.152.51.10) and the system was considering the RSA key(stored in /home/user_name/.ssh/known_hosts) of the previous host which resulted in mismatch.

To resolve this issue, you have to remove previously stored RSA key for the ip 192.152.51.10.

ssh-keygen -f "/home/user_name/.ssh/known_hosts" -R 192.152.51.10

Remove that the entry from known_hosts using:

ssh-keygen -R *ip_address_or_hostname*

This will remove the problematic IP or hostname from known_hosts file and try to connect again.

From the man pages:

-R hostname
Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts (see the -H option above).

Only client side problem(duplicate key for ip):

Solve variants:

For clear one ip(default port 22):

ssh-keygen -f -R 7.7.7.7

For one ip(non default port):

ssh-keygen -f -R 7.7.7.7:333

Fast clear all ips:

cd ~; rm .ssh/known_hosts

7.7.7.7 - ssh your server ip connect

333 - non standart port

A very simple solution: edit /home/hostname /.ssh/known_hosts,and delete the 4 line, and save it. then run ssh root@pong again, you will see message like this:Are you sure you want to continue connecting (yes/no)? yes, just print yes.

This works for me.

By the way: if you got some problem, read the hints first, it will help.

I had this problem, and the reason is very simple, I have a duplicated IP address to ssh login, so after modify this problem, everthing is solved.

I had the same error in my machine, and I clear the authorized_keys and known_hosts file, and after that, it works fine.

My solution is:

1. vi ~/.ssh/known_hosts
2. delete the line that contains your want connected ip.

This is better than delete all of the known_hosts

If you are getting this error when you are trying to connect to docker image running container then do the following.
E.g. if you are trying to connect to running container on port 2222 and getting the error then .

mian@tdowrick2~$ ssh pos@localhost -p 2222

On your computer go to cd ~/.ssh/ and open known_hosts file. Remove the line starting with [localhost]:2222 and save the file. Now try to ssh again .

mian@tdowrick2~$ ssh pos@localhost -p 2222

Error will disappear.

SOLUTION:

1- delete from "$HOME/.ssh/known_hosts" the line referring to the host towards which is impossible to connect.

2- execute this command: ssh-keygen -R "IP_ADDRESSorHOSTNAME" (substitute "IP_ADDRESSorHOSTNAME" with your destination ip or destination hostname)

3- Retry ssh connection (if it fails please check permission on .ssh directory, it has to be 700)

Sometimes, if for any reason, you need to reinstall a server, when connecting by ssh we will find that you server say that the identification has changed. If we know that it is not an attack, but that we have reinstated the system, we can remove the old identification from the known_hosts using ssh-keygen:

ssh-keygen -R <host/ip:hostname>
root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old

When connecting again we will ask you to validate the new fingerprint:

ssh -l user <host/ip:hostname>
The authenticity of host '<host/ip:hostname>' can't 
be established.
RSA key fingerprint is 3f:3d:a0:bb:59:24:35:6d:e5:a0:1a:3f:9c:86:81:90.
Are you sure you want to continue connecting (yes/no)? yes

My solution on UBUNTU (linux):

1.You have to delete the content from "known_hosts" file which is in "/home/YOUR_USERNAME/.ssh/known_hosts"

2.Generate a new ssh key like "ssh-keygen -t rsa -C "your.email@example.com" -b 4096"

3.Copy-paste your new ssh key in your git repository (gitlab in my case) SSH keys.

It works for me !

Just do:

cd /home/user/.ssh/ -> here user will be your username, i.e. /home/jon/ for example.

Then

gedit known_hosts & and delete the contents inside it.

Now ssh again, it should work.

Use this command:

truncate -s 0 /home/SYSTEM_NAME/.ssh/known_hosts