Remove old key from known_hosts (Warning: Possible DNS Spoofing detected)

2

When accessing via command line in Linux / MacOS, a similar error as the following may appear

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for dominio.com.br 
and the key for the corresponding IP address 123.123.123.123 
is unknown. This could either mean that 
DNS SPOOFING is happening or the IP address for the host 
and its host key have changed at the same time. 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! 
Someone could be eavesdropping on you right now (man-in-the-middle attack)! 
(...)

A similar error also occurs when using a GUI such as Nautilus in Ubuntu, so there is no way to navigate a folder on a server that has had a legitimate change.

How do I resolve this?

    
asked by anonymous 24.02.2014 / 04:01

1 answer

2

On your terminal, type the command:

  

ssh-keygen -R domain.com

This error occurs because at some time in the past the local machine accessed the remote server and wrote to ~/.ssh/known_hosts file a signature of who the remote server was. But with this message, it is warning you that the remote machine no longer has the same signature.

In these cases, before removing, try to find out why this error occurred . If you know that the remote machine has actually changed, as an example of having recreated a virtual machine to host the same domain, just remove the previous signature with the listed command.

Learn more about Man-in-the-middle attack

    
24.02.2014 / 04:01