ssh login troubleshooting

By | February 26, 2021
0 Comment

Suddenly ssh remote control to some of Mac devices stopped working, because remote host identification of that Mac device had been changed on remote side. Generally it means that the remote host key does not match the host key currently saved in /var/root/.ssh/known_hosts file. In other words the ssh handshake failed because host key verification returned an error.
When I ran ssh command I got the message like this:


# sudo ssh someuser@192.168.1.13
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:NPsC1gwEd9++IrLJ+jChps2vYlTd+E9XntyJm8VqIvc.
Please contact your system administrator.
Add correct host key in /var/root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /var/root/.ssh/known_hosts:10
ECDSA host key for 192.168.1.13 has changed and you have requested strict checking.
Host key verification failed.
#

To fix it, open /var/root/.ssh/known_hosts in text editor:


# vi /var/root/.ssh/known_hosts

Find key related to remote host (in my case the line should begin with 92.168.1.13):


192.168.1.13 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNVHuRj+y8AM++GyhxA4vKsXQdY7rt/gydfAAi71VIPxQRLfuu4cJqd9QPwAllidLSaZe5BhEaYU/4cc1QM6wiM=

Delete the key. Start ssh session again and it works now:


# sudo ssh someuser@192.168.1.13
The authenticity of host ‘192.168.1.13 (192.168.1.13)’ can’t be established.
ECDSA key fingerprint is SHA256:NPsC1gwEd9++IrLJ+jChps2vYlTd+E9XntyJm8VqIvc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.1.13’ (ECDSA) to the list of known hosts.
Password:
someuser@192.168.1.13’s password:
Last login: Wed Feb 24 09:15:24 2021 from 10.19.68.197
someuser@MacOSMos-13 ~ %

If we open /var/root/.ssh/known_hosts we will see that host key is updated with different value:


192.168.1.13 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOxNOOl6R96CGS6SnKkHDtPg+zRCfyU6zEGq1sWpa4X6Wr2VeL0Jj+7wZml92AZ2Ielleueo7tj+9O3oORGibkQ=

Leave a Reply

Your email address will not be published. Required fields are marked *