
Thread: Offending key in /home/ramesh/.ssh/known_hosts: 6

  1. #1

    Offending key in /home/ramesh/.ssh/known_hosts: 6

    I started getting this message with a fresh install of Kali. I've searched high and low, and followed the instructions in the link below, but I still cannot log in via ssh.

    http://www.thegeekstuff.com/2010/04/...wn_hosts-file/

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    c4:56:01:34:33:xx:7a:47:c3:3c:xx:db:57:c5:62:e4.
    Please contact your system administrator.
    Add correct host key in /root/.ssh/known_hosts to get rid of this message.
    Offending key in /root/.ssh/known_hosts:6
    RSA host key for 192.XX.XX.XX has changed and you have requested strict checking.
    Host key verification failed.
    Last edited by clearday; 2013-04-21 at 17:00.

  2. #2
    Delete the ~/.ssh/known_hosts... What happened is that the server you're trying to access has a server fingerprint that has changed. Either someone has re-generated it, or someone has re-installed the OS. The more paranoid option is that someone is doing a MITM attack. I usually find that removing the host in your 'known_hosts' or removing the file altogether will fix the issue.

  3. #3
    How do I locate this directory?

    I tried the ssh-keygen -R 'myhostname' command but that didn't work.

    BTW, this is a simple install in my home network just today, so the only culprit would be me.
    Last edited by clearday; 2013-04-21 at 16:44.

  4. Any directory with a (.) in front of it is a hidden directory. (.ssh) would be hidden from normal searches.
    You can just cd into it and use the ls command to see the files inside of the directory. Probably this command, "cd ~/.ssh" "rm known_hosts" (not sure exactly, not at my kali machine atm)
    Fact, Science and the Pursuit of Knowledge. Working to secure your networks from threats; Outside and Within.

  5. #5
    Command worked but now I'm getting this error. Is there a way to turn off strict checking altogether?

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ECDSA key sent by the remote host is
    62:1e:d6:87:38:af:b3:f5:ae:76:39:fe:df:24:74:c3.
    Please contact your system administrator.
    Add correct host key in /data/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in /data/.ssh/known_hosts:3
    ECDSA host key for 127.0.0.1 has changed and you have requested strict checking.
    Host key verification failed



    Last edited by clearday; 2013-04-22 at 11:14.

  6. #6
    /data/.ssh

    How do I navigate to this directory? The ~ doesn't work this time

  7. Try "cd /data/.ssh". The '~' means root, so if you did cd ~/ then it would go to the top level of your install. Hope it helps.

    Edit* forgot to answer your question, edit your ssh config file and add
    Code:
    Host 127.0.0.*
       StrictHostKeyChecking no
       UserKnownHostsFile=/dev/null
    Though I wouldn't really recommend doing this, as it could leave you susceptible to man-in-the-middle attacks.

    Actually it might be better to remove the offending line, from the looks of it line 3 with this command:
    "sed -i 3d /data/.ssh/known_hosts"

    Additionally here's a decent article about the topic http://www.symantec.com/connect/arti...key-protection
    Last edited by charonsecurity; 2013-04-22 at 17:09.
    Fact, Science and the Pursuit of Knowledge. Working to secure your networks from threats; Outside and Within.
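
The advice above to remove the offending line rather than turn off strict checking can be applied straight from the warning text, which names the known_hosts file on the machine that ran ssh (the client), not on the server. The script below is an added example, not part of any post in this thread; it parses the second warning quoted above and prints a verify-then-remove plan, assuming the server keeps its host keys in the OpenSSH default location /etc/ssh/ and that the installed ssh-keygen supports `-E md5`.

```shell
#!/bin/sh
# Added example (not from the thread): read an OpenSSH "host key changed"
# warning and work out which client-side file and entry it refers to.

# Constructed sample: lines taken from the second warning quoted in the thread.
SAMPLE_WARNING='The fingerprint for the ECDSA key sent by the remote host is
62:1e:d6:87:38:af:b3:f5:ae:76:39:fe:df:24:74:c3.
Add correct host key in /data/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /data/.ssh/known_hosts:3
ECDSA host key for 127.0.0.1 has changed and you have requested strict checking.'

# "<file> <line>" of the stale entry; the file is on the machine running ssh.
offending_location() {
    printf '%s\n' "$1" |
        sed -nE 's/^ *Offending ([A-Za-z0-9]+ )?key in (.+):([0-9]+)$/\2 \3/p'
}

# Host name or address the stale entry was stored under.
offending_host() {
    printf '%s\n' "$1" |
        sed -nE 's/^ *[A-Za-z0-9]+ host key for (.+) has changed.*$/\1/p'
}

# Fingerprint the server presented (colon-separated hex, as in the warning).
presented_fingerprint() {
    printf '%s\n' "$1" | grep -Eo '([0-9a-f]{2}:){15}[0-9a-f]{2}' | head -n 1
}

# Print the plan: verify the key on the server first, then drop only the
# stale entry, leaving StrictHostKeyChecking and all other entries alone.
remediation_plan() {
    loc=$(offending_location "$1")
    file=${loc% *}                      # strip the trailing line number
    host=$(offending_host "$1")
    echo "# 1. On the server's own console, list its host key fingerprints and"
    echo "#    confirm one of them equals $(presented_fingerprint "$1"):"
    # Assumption: host keys are in the OpenSSH default directory /etc/ssh/.
    echo "for k in /etc/ssh/ssh_host_*_key.pub; do ssh-keygen -l -E md5 -f \"\$k\"; done"
    echo "# 2. On the client that printed the warning, remove only that entry:"
    echo "ssh-keygen -f '$file' -R '$host'"
}

remediation_plan "$SAMPLE_WARNING"
```

If the fingerprints in step 1 do not match, leave the entry in place and treat the warning as genuine.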

  8. #8
    I've tried the sed command before as well as modifying the ssh_config file but I'm still getting the message.

    No luck with navigating to that directory:

    root@localhost:~/.ssh# cd /data/.ssh
    -bash: cd: /data/.ssh: No such file or directory

    Last edited by clearday; 2013-04-22 at 17:48.

  9. #9
    This installation is cursed - I've installed Kali half a dozen times and never had an authentication problem with ssh before. It's a fresh install so every authentication should be the first time.

    How do I remove ssh completely, including the stored keys? I tried the apt-get remove command but it left the ssh directory intact.
    Last edited by clearday; 2013-04-22 at 17:56.

  10. To remove ssh completely use the "apt-get purge" command. Keep in mind however, configuration files are left intact. I have a feeling however you haven't successfully removed the known_hosts file. It should be in the ~/.ssh folder. Not sure what you are missing.

  11. #11
    Thank you very much for your patience.

    My ~/.ssh folder contains these files:
    id_rsa.pub
    id_rsa.pub
    known_hosts.bak
    known_hosts.old

    I just tried to log on from another Linux laptop and am now getting the error from this directory: /root/.ssh/known_hosts:6

    Then I logged in from my Windows laptop with PuTTY, and for some reason it did ask me if I want to log in and I got in.

    I refreshed my browsing in the .ssh directory, and it still has those same files I listed above. I am wondering now if the known_hosts file is located elsewhere. I am not sure why it keeps blocking the Android terminal emulator but lets me in with another Android terminal app, ConnectBot.

    I am blocked in two places:

    a) linux laptop logging from an IP 192.168.x.x: /root/.ssh/known_hosts:6
    b) android terminal when logging in with localhost or 127.0.0.1: /data/.ssh/known_hosts:1, /data/.ssh/known_hosts:3

    Somehow I need to figure out three things:
    1) why I am blacklisted automatically when logging from a) and b)
    2) where is the actual location of the known_hosts file- it seems like it is not in the default .ssh directory
    3) how do I get in the /data/ and /root/ directories


  12. #12
    Use: "aptitude purge" command.

  13. #13
    Thanks. Is this command the same as apt-get purge? Will it get rid of the config files as well?
