After fresh dietpi install, I've installed some software and reboot. Now ssh says: WARNING: REMOTE HOST IDENTIFICATION..

mk33 · 1 February 2022 21:31

So I did a fresh install of DietPi and installed some software. Then It asked to reboot in order to make some new services to work.
But now when I do SSH it’s saying that:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

How do I know if someone is doing something nasty or if the host key has just been changed?

Thank you

Joulinar · 1 February 2022 21:37

I had this as well on a couple of testing VM’s the last weeks. Should be fine. There should be nobody who has access to your system as long as you don’t forward SSH port to internet.

MichaIng
FYI

MichaIng · 5 February 2022 14:03

I guess you installed OpenSSH as replacement for Dropbear SSH server, right? In this case the SSH host keys change:

It is also possible that a host key has just been changed.

Joulinar · 5 February 2022 14:06

in my case, nope

MichaIng · 5 February 2022 16:27

With testing VMs (when you reuse the same IPs) it is basically the same. The SSH client stores the host keys associated with the IPs/hostnames you used to connect to the SSH server. Hence when you spin up a new VM with the same IP/hostname, there is a mismatch and hence the warning.

Joulinar · 7 February 2022 13:14

indeed related to hostname change.

DomotiCloud · 7 February 2022 19:55

For all my installation, simply remove “known host” in /home/xxx/.ssh
Idem from windows 11 and fedora

MichaIng · 8 February 2022 00:04

What? No, do not remove all known host keys for all users on Linux clients. Instead do the following when using the OpenSSH client:

ssh-keygen -R hostname

Replace hostname with the IP or hostname you use to connect to the server with the changed host key. This removes the entry for this particular host for the current user. Then, when running again ssh username@hostname, it allows you to confirm the new key.

On Windows, all SSH clients I know allow to confirm a changed host key without having to remove it first.

ghezzia · 6 March 2022 06:38

I have the same problem using WebSSH app from any IOS devices, and it simply ask me to force the connection.
Although I can’t force the connection from my Mac OS ( using terminal).
Is there a way to solve it also from Mac OS?

Joulinar · 6 March 2022 07:06

If I’m not mistaken, you need to remove the SSH host key somewhere inside the MacOS. But I don’t know where exactly, as I don’t use Apple devices. Maybe you could ask your preferred search engine to look around.

MichaIng · 6 March 2022 15:47

The command given in my last post should work on macOS to forget the key for the particular hostname/IP you use to connect to DietPi.

ghezzia · 7 March 2022 07:58

thanks MichaIng .
With this command ssh-keygen -R hostname (changing hostname with the local IP) on the terminal in the mac now I can connect again with ssh.

MichaIng · 7 March 2022 16:47

Okay, that is great .