Remove old key from known_hosts (Warning: Possible DNS Spoofing Detected)


2

When accessing via the Linux/macOS command line, an error like the following may appear:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for dominio.com.br 
and the key for the corresponding IP address 123.123.123.123 
is unknown. This could either mean that 
DNS SPOOFING is happening or the IP address for the host 
and its host key have changed at the same time. 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! 
Someone could be eavesdropping on you right now (man-in-the-middle attack)! 
(...)

A similar error also happens when using a GUI, such as Nautilus on Ubuntu, so there is no way to browse a folder on a server that had a legitimate change.

How to solve this?

1 answer

2

In your terminal, enter the command:

ssh-keygen -R dominio.com.br

This error occurs because at some point in the past the local machine accessed the remote server and wrote to the ~/.ssh/known_hosts file a signature identifying that remote server. With this message, it is warning you that the remote machine no longer has the same signature.

In these cases, before removing it, find out why this error occurred. If you know that the remote machine has actually changed, such as recreating a virtual machine to host the same domain, simply remove the previous signature with the listed command.

Learn more about man-in-the-middle attacks.
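
The answer's advice to find the cause before removing the entry can be made concrete by comparing the key the server now offers with a fingerprint obtained out of band. The Python sketch below is an added example, not part of the original answer; the function names, result labels and sample keys are constructed for illustration, and it goes slightly beyond the answer by also matching hashed known_hosts entries.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a host field: plain comma list or hashed |1|salt|hmac (no wildcards)."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")

def stored_keys(known_hosts_text, host, keytype):
    keys = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # skip comments, blanks and @cert-authority/@revoked lines
        if parts[1] == keytype and host_matches(parts[0], host):
            keys.append(parts[2])
    return keys

def assess(known_hosts_text, host, offered_line, trusted_fp):
    """offered_line: 'host keytype base64'; trusted_fp: obtained out of band."""
    keytype, offered = offered_line.split()[1:3]
    if offered in stored_keys(known_hosts_text, host, keytype):
        return "matches-stored"
    if fingerprint(offered) == trusted_fp:
        return "new-key-verified"    # safe to drop the old entry with ssh-keygen -R
    return "new-key-unverified"      # keep the old entry and investigate first

def sample_key(fill):
    # Constructed ed25519 blob in SSH wire format, not a real host key.
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

# Constructed sample data: a hashed known_hosts entry for the question's host name.
OLD_KEY, NEW_KEY = sample_key(1), sample_key(2)
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(
    hmac.new(SALT, b"dominio.com.br", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = f"{HASHED} ssh-ed25519 {OLD_KEY}\n"

if __name__ == "__main__":
    offered = f"dominio.com.br ssh-ed25519 {NEW_KEY}"
    print(assess(KNOWN_HOSTS, "dominio.com.br", offered, fingerprint(NEW_KEY)))
```

In practice the offered line would come from `ssh-keyscan` and the trusted fingerprint from running `ssh-keygen -lf` on the server's own public key file over a channel you already trust.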
