Offending key in /home/ramesh/.ssh/known_hosts: 6



clearday
2013-04-21, 14:05
I started getting this message with a fresh install of Kali. I've searched high and low, and followed the instructions in the link below, but I still cannot log in via ssh.

http://www.thegeekstuff.com/2010/04/how-to-fix-offending-key-in-sshknown_hosts-file/

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
c4:56:01:34:33:xx:7a:47:c3:3c:xx:db:57:c5:62:e4.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:6
RSA host key for 192.XX.XX.XX has changed and you have requested strict checking.
Host key verification failed.

chpwned
2013-04-21, 14:32
Delete the ~/.ssh/known_hosts... What happened is that the server you're trying to access has a server fingerprint that has changed. Either someone has re-generated it, or someone has re-installed the OS. The more paranoid option is that someone is doing a MITM attack. I usually find that removing the host in your 'known_hosts' or removing the file altogether will fix the issue.

clearday
2013-04-21, 16:10
How do I locate this directory?

I tried the ssh-keygen -R 'myhostname' command but that didn't work.

BTW, this is a simple install in my home network just today, so the only culprit would be me.

charonsecurity
2013-04-22, 03:57
Any directory with a (.) in front of it is a hidden directory. (.ssh) would be hidden from normal searches.
You can just cd into it and use the ls command to see the files inside of the directory. Probably this command, "cd ~/.ssh" "rm known_hosts" (not sure exactly, not at my Kali machine atm)

clearday
2013-04-22, 10:52
Command worked but now I'm getting this error. Is there a way to turn off strict checking altogether?

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
62:1e:d6:87:38:af:b3:f5:ae:76:39:fe:df:24:74:c3.
Please contact your system administrator.
Add correct host key in /data/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /data/.ssh/known_hosts:3
ECDSA host key for 127.0.0.1 has changed and you have requested strict checking.
Host key verification failed





clearday
2013-04-22, 11:21
/data/.ssh

How do I navigate to this directory? The ~ doesn't work this time

charonsecurity
2013-04-22, 16:59
Try "cd /data/.ssh". The '~' means root, so if you did cd ~/ then it would go to the top level of your install. Hope it helps.

Edit* forgot to answer your question, edit your ssh config file and add


Host 127.0.0.*
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

Though I wouldn't really recommend doing this, as it could leave you susceptible to man-in-the-middle attacks.

Actually it might be better to remove the offending line, from the looks of it line 3 with this command:
"sed -i 3d /data/.ssh/known_hosts"

Additionally here's a decent article about the topic :) http://www.symantec.com/connect/articles/ssh-host-key-protection
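
An added example, not part of any post in this thread: a guarded form of the line-deletion step suggested above. It reads the file and line number from ssh's own "Offending key" message and removes that line only if it belongs to the host in question; the path in that message is on the machine where ssh was run. The names `parse_offending`, `remove_entry` and `demo` are hypothetical, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample warning and keys are constructed.

# Read ssh's warning on stdin; print "<line> <known_hosts path>".
# Matches "Offending key in F:N" and "Offending ECDSA key in F:N".
parse_offending() {
    sed -n 's/^Offending \([A-Za-z0-9-]* \)\{0,1\}key in \(.*\):\([0-9][0-9]*\)$/\3 \2/p' |
        head -n 1
}

# Delete line $2 of known_hosts file $1 only if it belongs to host $3.
# The path in the warning is on the machine that ran ssh (the client).
remove_entry() {
    file=$1 line=$2 host=$3
    [ -f "$file" ] || { echo "not on this machine: $file" >&2; return 2; }
    names=$(sed -n "${line}p" "$file" | cut -d' ' -f1)
    case $names in
        '|1|'*) echo "hashed entry, use: ssh-keygen -R $host -f $file" >&2
                return 3 ;;
    esac
    case ",$names," in
        *",$host,"*) ;;
        *) echo "line $line is not for $host, leaving it" >&2; return 4 ;;
    esac
    # Keep the original beside the edited file so the change can be undone.
    cp -p "$file" "$file.pre-fix" && sed "${line}d" "$file.pre-fix" > "$file"
}

# Constructed demo: three entries, the warning points at line 3.
demo() {
    dir=$(mktemp -d) || return 1
    kh=$dir/known_hosts
    printf '%s\n' 'gw.example ssh-rsa AAAAconstructed1' \
        '192.0.2.10 ssh-rsa AAAAconstructed2' \
        'localhost,127.0.0.1 ecdsa-sha2-nistp256 AAAAconstructed3' > "$kh"
    parsed=$(printf '%s\n' "Offending ECDSA key in $kh:3" | parse_offending)
    n=${parsed%% *}; f=${parsed#* }
    remove_entry "$f" "$n" 127.0.0.1 || return $?
    cat "$kh"; rm -rf "$dir"
}
demo
```

Compare the fingerprint printed in the warning with the server's real host key before removing anything; the script only makes sure the right line is the one deleted.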

clearday
2013-04-22, 17:44
I've tried the sed command before as well as modifying the ssh_config file but still getting the message.

No luck with navigating to that directory:

root@localhost:~/.ssh# cd /data/.ssh
-bash: cd: /data/.ssh: No such file or directory



clearday
2013-04-22, 17:52
This installation is cursed. I've installed Kali half a dozen times and never had an authentication problem with ssh before. It's a fresh install so every authentication should be the first time.

How do I remove ssh completely, including the stored keys? I tried the apt-get remove command but it left the ssh directory intact.

charonsecurity
2013-04-23, 02:44
To remove ssh completely use the "apt-get purge" command. Keep in mind however, configuration files are left intact. I have a feeling however you haven't successfully removed the known_hosts file. It should be in the ~/.ssh folder. Not sure what you are missing.

clearday
2013-04-23, 09:26
Thank you very much for your patience.

My ~/.ssh folder contains these files:
id_rsa.pub
id_rsa.pub
known_hosts.bak
known_hosts.old

I just tried to log on from another Linux laptop and am now getting the error from this directory: /root/.ssh/known_hosts:6

Then I logged in from my Windows laptop with PuTTY, and for some reason it did ask me if I want to log in and I got in.

I refreshed my browsing in the .ssh directory, and it still has those same files I listed above. I am wondering now if the known_hosts file is located elsewhere. I am not sure why it keeps blocking the Android terminal emulator but lets me in with another Android terminal app, ConnectBot.

I am blocked in two places:

a) linux laptop logging from an IP 192.168.x.x: /root/.ssh/known_hosts:6
b) android terminal when logging in with localhost or 127.0.0.1: /data/.ssh/known_hosts:1, /data/.ssh/known_hosts:3

Somehow I need to figure out three things:
1) why I am blacklisted automatically when logging from a) and b)
2) where is the actual location of the known_hosts file- it seems like it is not in the default .ssh directory
3) how do I get in the /data/ and /root/ directories



maverik35
2013-04-24, 22:22
use: "aptitude purge" command.

clearday
2013-04-25, 08:40
Thanks. Is this command the same as apt-get purge? Will it get rid of the config files as well?