Bypassing SSH strict checking
I use an SSH gateway for work (one that requires two-factor authentication: an RSA SecurID PIN and an AES-encrypted Kerberos password). Problem is, since the gateway servers are clustered and change often, I sometimes get the following:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/username/.ssh/known_hosts to get rid of this message.
Offending key in /home/username/.ssh/known_hosts:1
RSA host key for gateway_server has changed and you have requested strict checking.
Host key verification failed.
Connection to gateway_server closed.
Of course, I cannot clean up the known_hosts file since I could not log on in the first place — I had to go another route (through a remote desktop using another server, etc.).
Although it's not really recommended (read the dire warning above), this restriction can be bypassed by using:
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
This way, strict checking is disabled, and the host key will not be checked against the file. Take note that this is insecure, and should only be used if you are absolutely certain that you're logging on to a trusted host.
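A safer alternative to switching the check off, shown as an added example that is not part of the original post: accept the changed key only when its fingerprint matches one obtained out of band, then replace the stale known_hosts entry. The function names, the sample file and the ed25519-shaped sample keys are constructed for illustration; hashed and @marker entries are left untouched as a simplification.

```python
import base64
import hashlib


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def replace_host_key(known_hosts, host, offered, trusted_fp):
    """Swap host's entry for the offered key, but only if it matches trusted_fp.

    known_hosts: file contents; offered: "keytype base64key" as presented by the
    server; trusted_fp: fingerprint obtained out of band (e.g. from the admin).
    Hashed (|1|...) and @marker lines are left untouched (simplification).
    """
    keytype, key_b64 = offered.split()[:2]
    if fingerprint(key_b64) != trusted_fp:
        raise ValueError("offered key does not match the trusted fingerprint")
    kept = []
    for line in known_hosts.splitlines():
        fields = line.split()
        is_entry = len(fields) >= 3 and not line.startswith(("#", "@", "|"))
        if is_entry and host in fields[0].split(",") and fields[1] == keytype:
            continue  # drop the stale key of the same type for this host
        kept.append(line)
    kept.append(f"{host} {keytype} {key_b64}")
    return "\n".join(kept) + "\n"


def _fake_key(seed):
    """Constructed sample blob shaped like an ssh-ed25519 key (not a real key)."""
    body = hashlib.sha256(seed).digest()
    blob = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + body
    return base64.b64encode(blob).decode()


OLD, NEW, ROGUE = _fake_key(b"old"), _fake_key(b"new"), _fake_key(b"rogue")
SAMPLE = f"# constructed sample\ngateway_server ssh-ed25519 {OLD}\nother ssh-ed25519 {OLD}\n"
TRUSTED_FP = fingerprint(NEW)  # in practice: supplied by the admin, not computed locally

if __name__ == "__main__":
    print(replace_host_key(SAMPLE, "gateway_server", f"ssh-ed25519 {NEW}", TRUSTED_FP))
    try:
        replace_host_key(SAMPLE, "gateway_server", f"ssh-ed25519 {ROGUE}", TRUSTED_FP)
    except ValueError as err:
        print("refused:", err)
```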
Isn't the remote host file in the local machine that you are using? You should be able to delete it without any problem (although I get the point of it being tedious).
ciao!
Sorry, should have been more clear: the known_hosts file in question is in the gateway to which I need to log in. :P