Remove ssh key Mac, Unix and Linux

Remove ssh key Mac, Unix and Linux

Remove ssh key mac, is needed to remove ssh keys when trying to connect to a host where remote host identification has changed. There should however be some thoughts to go thru before you try to connect to such a host. Why was the host key changed? If it’s your own server you should definitely be worried unless you changed the host IP address. Because as the warning says someone might be doing something nasty like the man in the middle attack.

Remote host identification has changed

To get a copy of this error message I changed the IP on one of my Linux servers at home. I changed to an IP address I already was using on one of my other hosts.

The error message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 @       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 The RSA host key for gitlab.home has changed,
 and the key for the corresponding IP address 192.168.2.162
 has a different value. This could either mean that
 DNS SPOOFING is happening or the IP address for the host
 and its host key have changed at the same time.
 Offending key for IP in /Users/john/.ssh/known_hosts:8
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
 Someone could be eavesdropping on you right now (man-in-the-middle attack)!
 It is also possible that a host key has just been changed.
 The fingerprint for the RSA key sent by the remote host is
 SHA256:cTU/0LDw0ywVquhsmkVuOYJNXsN1Ivmdnz/ozej4WOo.
 Please contact your system administrator.
 Add correct host key in /Users/john/.ssh/known_hosts to get rid of this message.
 Offending RSA key in /Users/john/.ssh/known_hosts:15
 RSA host key for gitlab.home has changed and you have requested strict checking.
 Host key verification failed.

What happened?

What actually happens here is that our system gives two warnings. First, it gives us a warning about that either there is DNS Spoofing or the host IP address have changed. Here we know it is because I changed the IP address to an IP address that is used for another host. A host I have previously logged on to.

The second warning is that host identification has changed. That is quite logical since it’s not the same server and therefore, has a different host identification. All host identifications are unique.

SSH on my mac terminal now refuses me to log on. We will have to delete the host key from the known_host file before the system let us log on again. Other users that have never logged on to the server before will not be refused to log on. Even if the users are using the same computer as you. That is because each user has their own known hosts file. The host public key is sent to each user and the private key is only stored on the host.

Remove RSA key with ssh-keygen

We will use the same tool used to generate ssh key to delete the ssh key instead of create ssh key. To remove the ssh key from our mac we will use the keygen with the following command line:
ssh-keygen -R 192.168.2.162

In my case this will output the following response:
ssh-keygen -R 192.168.2.162

Host 192.168.2.162 found: line 8

/Users/john/.ssh/known_hosts updated.
Original contents retained as /Users/john/.ssh/known_hosts.old

I can also use the hostname to remove the key. Since I have used the IP address and the hostname before it would be best to remove both.

ssh-keygen -R gitlab.home

Host gitlab.home found: line 15

/Users/john/.ssh/known_hosts updated.
Original contents retained as /Users/john/.ssh/known_hosts.old

Next time I try to connect to that server it will say the RSA key fingerprint can’t be found. Then it will ask if I want to store the key permanently.

Remove RSA key manually

You can also remove the key manually without using the keygen remove command. A standard text editor can be used. On a Unix system like MacOS, the mac known_hosts default path is /Users/john/.ssh/known_hosts. If your name is John.

Open up the terminal and go to the .ssh folder. Terminal opens by default in your home directory. Then we can open the known_hosts file by just typing: open known_hosts.

TextEditor will now open the known host ssh key file. And we can manually remove the offending ssh key. If we follow the same example and remove gitlab.home or 192.168.2.162 we will have to look for that. In the picture below is an example of a known_hosts file.

So at the bottom, we find this line:
gitlab.home,192.168.2.162 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDcgoUfLjbM/94X/KVd5dzNt27d08A27phzGW6gcQu0HzId0Ha0opjWJzb5KBbFeImIipywHRONnq0ZN5Jb4YpE=

If you remove that line, that will be the same as running the ssh-keygen -R command.

Don’t believe the windows users. The cloud is just someone else computer.
You could also check out the How to show hard drive on mac.

(Visited 30,217 times, 20 visits today)