How to find out the hosts in the known_hosts file? Even if encoded!

In DevOps by Alex Benfica

When you try to open an SSH connection to a host, the connection can be refused because the public host key the server presents differs from the one stored for that host in the ~/.ssh/known_hosts file.

This file is in your /home/<username>/.ssh/ folder, where keys and other SSH-related configuration are stored for your user.

If your connection is denied with a message like this, the solution is simple.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for example.com has changed,
and the key for the corresponding IP address 20.100.234.20
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:XXXXXXXXXX
Please contact your system administrator.
Add correct host key in /home/<username>/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/<username>/.ssh/known_hosts:30
ECDSA host key for example.com has changed and you have requested strict checking.
Host key verification failed.


In this case, what you need to do is:

I can’t find the hostname in the known_hosts file (it is hashed or encoded)

Sometimes you will see the host names encoded in this file. This is because you’ve got HashKnownHosts set to “yes” in your ssh_config file, so the hostnames aren’t available in plaintext.

If you see lines that look encoded or encrypted inside the known_hosts file (the hostnames are actually hashed), you can look for the line corresponding to the domain using this command:

ssh-keygen -H -F example.com

This command will output the line that you should delete from the known_hosts file in order to proceed with the login.

Once you have confirmed that the host key change is legitimate, just remove the line from the file, save it and try again. If you have the right credentials you should be able to log in.
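Why a hashed file can still be searched by name, as an added example (not code from the original post): each hashed host field has the form |1|salt|hash, where hash is the HMAC-SHA1 of the hostname keyed with the salt, so a candidate name can be tested against every line. The function names, salts and key strings below are constructed for illustration, and wildcard patterns in plaintext entries are not handled.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def field_matches(field, host):
    """True if a known_hosts host field names `host` (exact names only, no wildcards)."""
    if not field.startswith("|1|"):
        return host in field.split(",")          # plaintext: comma-separated names
    try:
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        stored = base64.b64decode(mac_b64, validate=True)
    except ValueError:                           # malformed hashed field
        return False
    candidate = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(candidate, stored)

def find_host(lines, host):
    """Return (line_number, key_type) for every entry matching `host`."""
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):            # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) >= 2 and field_matches(fields[0], host):
            hits.append((number, fields[1]))
    return hits

# Constructed sample file: salts and key blobs are placeholders, not real keys.
SAMPLE = [
    "# constructed known_hosts content",
    hash_host("example.com", bytes(range(20))) + " ecdsa-sha2-nistp256 CONSTRUCTED_KEY_1",
    "git.example.org,192.0.2.10 ssh-ed25519 CONSTRUCTED_KEY_2",
    # a non-default port is hashed as "[host]:port", so it is a different entry
    hash_host("[example.com]:2222", bytes(range(20, 40))) + " ssh-ed25519 CONSTRUCTED_KEY_3",
]

if __name__ == "__main__":
    for name in ("example.com", "[example.com]:2222", "192.0.2.10", "other.example"):
        print(name, "->", find_host(SAMPLE, name))
```

The line number returned for a match corresponds to the position reported in the warning (known_hosts:30 in the message above), which is a quick cross-check that you are about to remove the right entry.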
