SSH connection problem with “Host key verification failed…” error
I can connect to another Ubuntu machine in my LAN via SSH. On both of then PC's I installed openssh-server
but from another Ubuntu computer I can not connect to my PC via SSH and I got this error:
Host key verification failed...
ssh
migrated from stackoverflow.com May 28 '11 at 12:38
This question came from our site for professional and enthusiast programmers.
add a comment |
I can connect to another Ubuntu machine in my LAN via SSH. On both of then PC's I installed openssh-server
but from another Ubuntu computer I can not connect to my PC via SSH and I got this error:
Host key verification failed...
ssh
migrated from stackoverflow.com May 28 '11 at 12:38
This question came from our site for professional and enthusiast programmers.
1
Dó you use host names or IP-addresses?
– Thorbjørn Ravn Andersen
May 27 '12 at 13:21
Not similar but I got the same error but due to a different problem: serverfault.com/questions/494916/…
– zengr
Aug 28 '13 at 19:18
This is not an Ubuntu-specific issue. Can happen with anyssh
from the command-line.
– MarkHu
Mar 31 '17 at 17:19
add a comment |
I can connect to another Ubuntu machine in my LAN via SSH. On both of then PC's I installed openssh-server
but from another Ubuntu computer I can not connect to my PC via SSH and I got this error:
Host key verification failed...
ssh
I can connect to another Ubuntu machine in my LAN via SSH. On both of then PC's I installed openssh-server
but from another Ubuntu computer I can not connect to my PC via SSH and I got this error:
Host key verification failed...
ssh
ssh
edited Mar 13 '16 at 16:11
techraf
2,77092035
2,77092035
asked May 28 '11 at 11:36
NavidNavid
938287
938287
migrated from stackoverflow.com May 28 '11 at 12:38
This question came from our site for professional and enthusiast programmers.
migrated from stackoverflow.com May 28 '11 at 12:38
This question came from our site for professional and enthusiast programmers.
1
Dó you use host names or IP-addresses?
– Thorbjørn Ravn Andersen
May 27 '12 at 13:21
Not similar but I got the same error but due to a different problem: serverfault.com/questions/494916/…
– zengr
Aug 28 '13 at 19:18
This is not an Ubuntu-specific issue. Can happen with anyssh
from the command-line.
– MarkHu
Mar 31 '17 at 17:19
add a comment |
1
Dó you use host names or IP-addresses?
– Thorbjørn Ravn Andersen
May 27 '12 at 13:21
Not similar but I got the same error but due to a different problem: serverfault.com/questions/494916/…
– zengr
Aug 28 '13 at 19:18
This is not an Ubuntu-specific issue. Can happen with anyssh
from the command-line.
– MarkHu
Mar 31 '17 at 17:19
1
1
Dó you use host names or IP-addresses?
– Thorbjørn Ravn Andersen
May 27 '12 at 13:21
Dó you use host names or IP-addresses?
– Thorbjørn Ravn Andersen
May 27 '12 at 13:21
Not similar but I got the same error but due to a different problem: serverfault.com/questions/494916/…
– zengr
Aug 28 '13 at 19:18
Not similar but I got the same error but due to a different problem: serverfault.com/questions/494916/…
– zengr
Aug 28 '13 at 19:18
This is not an Ubuntu-specific issue. Can happen with any
ssh
from the command-line.– MarkHu
Mar 31 '17 at 17:19
This is not an Ubuntu-specific issue. Can happen with any
ssh
from the command-line.– MarkHu
Mar 31 '17 at 17:19
add a comment |
14 Answers
14
active
oldest
votes
"Host key verification failed" means that the host key of the remote host was changed.
SSH stores the host keys of the remote hosts in ~/.ssh/known_hosts
. You can either edit that text file manually and remove the old key (you can see the line number in the error message), or use
ssh-keygen -R hostname
(which I learned from the answer to
Is it possible to remove a particular host key from SSH's known_hosts file?).
3
It can also mean that you simply don't have the host key of the remote host. For example, if Irm ~/.ssh/*
, thenssh -o BatchMode=yes root@somewhere
, if nothing else is wrong I will getHost key verification failed.
Not important if you're always interactive, but relevant for scripts encountering the same error.
– Ron Burk
Apr 25 '17 at 23:19
Unsurprisingly,ssh-keygen -R example.net:7999
yieldsHost example.net:7999 not found in known_hosts
.
– alex
Feb 12 '18 at 18:35
I removedknown_hosts
file and ssh again. It worked.
– ParisaN
Jun 6 '18 at 10:49
add a comment |
If you are running in certain remote/scripting situations where you lack interactive access to the prompt-to-add-hostkey, work around it like this:
$ ssh -o StrictHostKeyChecking=no user@something.example.com uptime
Warning: Permanently added 'something.example.com,10.11.12.13' (RSA) to the list of known hosts.
5
+1, this is an ugly solution, but in some cases of automated monitoring processes that work with dymaic ip-connected devices, this is a simple and acceptable solution.
– Ninsuo
Nov 11 '13 at 14:34
11
+1 For example, for Jenkins executions, this is a good solution. Thanks
– Lobo
Feb 5 '15 at 10:02
4
@Lobo can't agree more, i am using it for jenkins, which is coolsh """ssh -o StrictHostKeyChecking=No ec2-user@someIpAddress-e2e sudo service tomcat restart"""
– prayagupd
Jun 8 '17 at 21:40
Saved My Life. Life saver solution.
– user1735921
Oct 12 '17 at 6:43
add a comment |
Also sometimes there is situation when you are working on serial console, then checking above command in verbose mode -v
will show you /dev/tty
does not exist, while it does.
ssh -v user@hostname
In above case just remove /dev/tty
and create a symlink of /dev/ttyS0
to /dev/tty
.
rm /dev/tty
ln -s /dev/ttyS0 /dev/tty
As an alternative, add id_rsa.pub
to the remote location, so password is not prompted and you get login access.
6
+1 for advising to use -v parameter; this can help a lot when debugging ssh problems.
– daniel kullmann
Jul 24 '12 at 19:10
add a comment |
In my case, this was caused by a udev problem - there was no /dev/tty
device node. The solution for me was just:
sudo mknod -m 666 /dev/tty c 5 0
add a comment |
On terminal:
ssh -o StrictHostKeyChecking=No -i YourPublicKey.pem user@example.com uptime
The following message, or similar, will appear:
Warning: Permanently added 'example.com, XX.XXX.XXX.XX' (ECDSA) to the list of known hosts.
00:47:37 up 3 min, 0 users, load average: 0.00, 0.00, 0.00
Then, connect to your EC2 as normal:
ssh -i YourPublickey.pem user@example.com
I gotcommand-line line 0: Bad yes/no/ask argument.
because you wrongly use 'No' instead of 'no' as argument toStrictHostKeyChecking
– Axel Bregnsbo
Aug 25 '18 at 15:30
add a comment |
Well, it simply because the second ubuntu requires connection by key and not password.
I suggest you use sudo dpkg-reconfigure openssh-server
on your pc, and then it should work properly. It will reset the configuration for openssh and should come back to a default password authentication.
Second possibility is that there's already a key for your other ubuntu in you PC, and that it changed thus being not recognized anymore. In this case, you'll have to edit the file .ssh/authorized_keys
to remove the problematic line identifying your ubuntu.
add a comment |
This is an old thread and I just ran across this answer, I will just add what I did to solve this.
ssh-keygen -f "/home/USER/.ssh/known_hosts" -R HOSTNAME
I just looked at the error message that it threw at me and it said to run that command in order to remove it from the list of hosts. After that I did the following:
ssh-copy-id HOSTNAME
Than I followed the prompts from there until I was able to ssh into the server.
As this command I am getting as suggestion in ubuntu 12.4.
– MaNKuR
May 31 '15 at 18:09
add a comment |
Its means your remote host key was changed (May be host password change),
Your terminal suggested to execute this command as root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]:4231
You have to remove that host name from hosts list on your pc/server. Copy that suggested command and execute as a root user.
$ sudo su // Login as a root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]:4231 // Terminal suggested command execute here
Host [www.website.net]:4231 found: line 16 type ECDSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
$ exit // Exist from root user
$ sudo ssh root@www.website.net -p 4231 // Try again
Hope this works.
add a comment |
You should change your key in this way:
From your given error find which host-key changed for
example: Offending ECDSA key in /Users/user-name/.ssh/known_hosts:5
said 5th key changed, so do this:
sed -i '5d' ~/.ssh/known_hosts
Notice: you must be root or have privilege for sudo.
No, unless you are doing it for someone else, it does not require root nor sudo. You are editing the file in your home directory. Second: for the command to work it requires GNU sed.
– techraf
Mar 13 '16 at 16:00
Maybe you right but I tried to ssh from Mac OSX to ubuntu-server and I have to do that. by the way thank you for your comment.
– Amir.A.G
Mar 14 '16 at 16:44
add a comment |
you have to put the rsa key of the target host into the source host /home/user/.ssh/known_hosts
by running this on the target
ssh-keyscan -t rsa @targethost
add a comment |
pico ~/.ssh/known_hosts
and delete all lines, after just reconnect and you will get a new key.
5
This is a dangerous solution, because you will remove ALL your host keys. The accepted solution,ssh-keygen -R hostname
is better.
– msanford
Mar 24 '14 at 20:52
add a comment |
My solution comes from this blog post: Algorithm negotiation failed for SSH Secure Shell Client
You need to modify the file as follows:
sudo nano /etc/ssh/sshd_config
And then add the following:
# Ciphers
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour
KexAlgorithms diffie-hellman-group1-sha1
Basically you tried different solutions until you find one which can solve your problem. If the above solutions don't work, please try this one. If this one doesn't work as well, please try others.
add a comment |
Just disable strict host key checking in your ~/.ssh/config:
Host *
StrictHostKeyChecking no
add a comment |
May you just need to enter "yes" when ssh confirm you want to continue connectting.
Like bellow.
The authenticity of host 'xxx' can't be established.
ECDSA key fingerprint is yyy.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx' (ECDSA) to the list of known hosts.
Enter passphrase for key '/Users/ysy/.ssh/id_rsa':
Then enter your password.
Please pay attention to "Are you sure you want to continue connecting (yes/no)? yes". You must enter yes, not enter.
New contributor
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f45679%2fssh-connection-problem-with-host-key-verification-failed-error%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
14 Answers
14
active
oldest
votes
14 Answers
14
active
oldest
votes
active
oldest
votes
active
oldest
votes
"Host key verification failed" means that the host key of the remote host was changed.
SSH stores the host keys of the remote hosts in ~/.ssh/known_hosts
. You can either edit that text file manually and remove the old key (you can see the line number in the error message), or use
ssh-keygen -R hostname
(which I learned from the answer to
Is it possible to remove a particular host key from SSH's known_hosts file?).
3
It can also mean that you simply don't have the host key of the remote host. For example, if Irm ~/.ssh/*
, thenssh -o BatchMode=yes root@somewhere
, if nothing else is wrong I will getHost key verification failed.
Not important if you're always interactive, but relevant for scripts encountering the same error.
– Ron Burk
Apr 25 '17 at 23:19
Unsurprisingly,ssh-keygen -R example.net:7999
yieldsHost example.net:7999 not found in known_hosts
.
– alex
Feb 12 '18 at 18:35
I removedknown_hosts
file and ssh again. It worked.
– ParisaN
Jun 6 '18 at 10:49
add a comment |
"Host key verification failed" means that the host key of the remote host was changed.
SSH stores the host keys of the remote hosts in ~/.ssh/known_hosts
. You can either edit that text file manually and remove the old key (you can see the line number in the error message), or use
ssh-keygen -R hostname
(which I learned from the answer to
Is it possible to remove a particular host key from SSH's known_hosts file?).
3
It can also mean that you simply don't have the host key of the remote host. For example, if Irm ~/.ssh/*
, thenssh -o BatchMode=yes root@somewhere
, if nothing else is wrong I will getHost key verification failed.
Not important if you're always interactive, but relevant for scripts encountering the same error.
– Ron Burk
Apr 25 '17 at 23:19
Unsurprisingly,ssh-keygen -R example.net:7999
yieldsHost example.net:7999 not found in known_hosts
.
– alex
Feb 12 '18 at 18:35
I removedknown_hosts
file and ssh again. It worked.
– ParisaN
Jun 6 '18 at 10:49
add a comment |
"Host key verification failed" means that the host key of the remote host was changed.
SSH stores the host keys of the remote hosts in ~/.ssh/known_hosts
. You can either edit that text file manually and remove the old key (you can see the line number in the error message), or use
ssh-keygen -R hostname
(which I learned from the answer to
Is it possible to remove a particular host key from SSH's known_hosts file?).
"Host key verification failed" means that the host key of the remote host was changed.
SSH stores the host keys of the remote hosts in ~/.ssh/known_hosts
. You can either edit that text file manually and remove the old key (you can see the line number in the error message), or use
ssh-keygen -R hostname
(which I learned from the answer to
Is it possible to remove a particular host key from SSH's known_hosts file?).
edited Jan 9 '18 at 19:36
slm
1,75611824
1,75611824
answered May 28 '11 at 13:19
elmichaelmicha
6,91522439
6,91522439
3
It can also mean that you simply don't have the host key of the remote host. For example, if Irm ~/.ssh/*
, thenssh -o BatchMode=yes root@somewhere
, if nothing else is wrong I will getHost key verification failed.
Not important if you're always interactive, but relevant for scripts encountering the same error.
– Ron Burk
Apr 25 '17 at 23:19
Unsurprisingly,ssh-keygen -R example.net:7999
yieldsHost example.net:7999 not found in known_hosts
.
– alex
Feb 12 '18 at 18:35
I removedknown_hosts
file and ssh again. It worked.
– ParisaN
Jun 6 '18 at 10:49
add a comment |
3
It can also mean that you simply don't have the host key of the remote host. For example, if Irm ~/.ssh/*
, thenssh -o BatchMode=yes root@somewhere
, if nothing else is wrong I will getHost key verification failed.
Not important if you're always interactive, but relevant for scripts encountering the same error.
– Ron Burk
Apr 25 '17 at 23:19
Unsurprisingly,ssh-keygen -R example.net:7999
yieldsHost example.net:7999 not found in known_hosts
.
– alex
Feb 12 '18 at 18:35
I removedknown_hosts
file and ssh again. It worked.
– ParisaN
Jun 6 '18 at 10:49
3
3
It can also mean that you simply don't have the host key of the remote host. For example, if I
rm ~/.ssh/*
, then ssh -o BatchMode=yes root@somewhere
, if nothing else is wrong I will get Host key verification failed.
Not important if you're always interactive, but relevant for scripts encountering the same error.– Ron Burk
Apr 25 '17 at 23:19
It can also mean that you simply don't have the host key of the remote host. For example, if I
rm ~/.ssh/*
, then ssh -o BatchMode=yes root@somewhere
, if nothing else is wrong I will get Host key verification failed.
Not important if you're always interactive, but relevant for scripts encountering the same error.– Ron Burk
Apr 25 '17 at 23:19
Unsurprisingly,
ssh-keygen -R example.net:7999
yields Host example.net:7999 not found in known_hosts
.– alex
Feb 12 '18 at 18:35
Unsurprisingly,
ssh-keygen -R example.net:7999
yields Host example.net:7999 not found in known_hosts
.– alex
Feb 12 '18 at 18:35
I removed
known_hosts
file and ssh again. It worked.– ParisaN
Jun 6 '18 at 10:49
I removed
known_hosts
file and ssh again. It worked.– ParisaN
Jun 6 '18 at 10:49
add a comment |
If you are running in certain remote/scripting situations where you lack interactive access to the prompt-to-add-hostkey, work around it like this:
$ ssh -o StrictHostKeyChecking=no user@something.example.com uptime
Warning: Permanently added 'something.example.com,10.11.12.13' (RSA) to the list of known hosts.
5
+1, this is an ugly solution, but in some cases of automated monitoring processes that work with dymaic ip-connected devices, this is a simple and acceptable solution.
– Ninsuo
Nov 11 '13 at 14:34
11
+1 For example, for Jenkins executions, this is a good solution. Thanks
– Lobo
Feb 5 '15 at 10:02
4
@Lobo can't agree more, i am using it for jenkins, which is coolsh """ssh -o StrictHostKeyChecking=No ec2-user@someIpAddress-e2e sudo service tomcat restart"""
– prayagupd
Jun 8 '17 at 21:40
Saved My Life. Life saver solution.
– user1735921
Oct 12 '17 at 6:43
add a comment |
If you are running in certain remote/scripting situations where you lack interactive access to the prompt-to-add-hostkey, work around it like this:
$ ssh -o StrictHostKeyChecking=no user@something.example.com uptime
Warning: Permanently added 'something.example.com,10.11.12.13' (RSA) to the list of known hosts.
5
+1, this is an ugly solution, but in some cases of automated monitoring processes that work with dymaic ip-connected devices, this is a simple and acceptable solution.
– Ninsuo
Nov 11 '13 at 14:34
11
+1 For example, for Jenkins executions, this is a good solution. Thanks
– Lobo
Feb 5 '15 at 10:02
4
@Lobo can't agree more, i am using it for jenkins, which is coolsh """ssh -o StrictHostKeyChecking=No ec2-user@someIpAddress-e2e sudo service tomcat restart"""
– prayagupd
Jun 8 '17 at 21:40
Saved My Life. Life saver solution.
– user1735921
Oct 12 '17 at 6:43
add a comment |
If you are running in certain remote/scripting situations where you lack interactive access to the prompt-to-add-hostkey, work around it like this:
$ ssh -o StrictHostKeyChecking=no user@something.example.com uptime
Warning: Permanently added 'something.example.com,10.11.12.13' (RSA) to the list of known hosts.
If you are running in certain remote/scripting situations where you lack interactive access to the prompt-to-add-hostkey, work around it like this:
$ ssh -o StrictHostKeyChecking=no user@something.example.com uptime
Warning: Permanently added 'something.example.com,10.11.12.13' (RSA) to the list of known hosts.
edited Nov 11 '13 at 15:14
Ninsuo
54059
54059
answered Jul 24 '13 at 0:47
MarkHuMarkHu
2,8702119
2,8702119
5
+1, this is an ugly solution, but in some cases of automated monitoring processes that work with dymaic ip-connected devices, this is a simple and acceptable solution.
– Ninsuo
Nov 11 '13 at 14:34
11
+1 For example, for Jenkins executions, this is a good solution. Thanks
– Lobo
Feb 5 '15 at 10:02
4
@Lobo can't agree more, i am using it for jenkins, which is coolsh """ssh -o StrictHostKeyChecking=No ec2-user@someIpAddress-e2e sudo service tomcat restart"""
– prayagupd
Jun 8 '17 at 21:40
Saved My Life. Life saver solution.
– user1735921
Oct 12 '17 at 6:43
add a comment |
5
+1, this is an ugly solution, but in some cases of automated monitoring processes that work with dymaic ip-connected devices, this is a simple and acceptable solution.
– Ninsuo
Nov 11 '13 at 14:34
11
+1 For example, for Jenkins executions, this is a good solution. Thanks
– Lobo
Feb 5 '15 at 10:02
4
@Lobo can't agree more, i am using it for jenkins, which is coolsh """ssh -o StrictHostKeyChecking=No ec2-user@someIpAddress-e2e sudo service tomcat restart"""
– prayagupd
Jun 8 '17 at 21:40
Saved My Life. Life saver solution.
– user1735921
Oct 12 '17 at 6:43
5
5
+1, this is an ugly solution, but in some cases of automated monitoring processes that work with dymaic ip-connected devices, this is a simple and acceptable solution.
– Ninsuo
Nov 11 '13 at 14:34
+1, this is an ugly solution, but in some cases of automated monitoring processes that work with dymaic ip-connected devices, this is a simple and acceptable solution.
– Ninsuo
Nov 11 '13 at 14:34
11
11
+1 For example, for Jenkins executions, this is a good solution. Thanks
– Lobo
Feb 5 '15 at 10:02
+1 For example, for Jenkins executions, this is a good solution. Thanks
– Lobo
Feb 5 '15 at 10:02
4
4
@Lobo can't agree more, i am using it for jenkins, which is cool
sh """ssh -o StrictHostKeyChecking=No ec2-user@someIpAddress-e2e sudo service tomcat restart"""
– prayagupd
Jun 8 '17 at 21:40
@Lobo can't agree more, i am using it for jenkins, which is cool
sh """ssh -o StrictHostKeyChecking=No ec2-user@someIpAddress-e2e sudo service tomcat restart"""
– prayagupd
Jun 8 '17 at 21:40
Saved My Life. Life saver solution.
– user1735921
Oct 12 '17 at 6:43
Saved My Life. Life saver solution.
– user1735921
Oct 12 '17 at 6:43
add a comment |
Also sometimes there is situation when you are working on serial console, then checking above command in verbose mode -v
will show you /dev/tty
does not exist, while it does.
ssh -v user@hostname
In above case just remove /dev/tty
and create a symlink of /dev/ttyS0
to /dev/tty
.
rm /dev/tty
ln -s /dev/ttyS0 /dev/tty
As an alternative, add id_rsa.pub
to the remote location, so password is not prompted and you get login access.
6
+1 for advising to use -v parameter; this can help a lot when debugging ssh problems.
– daniel kullmann
Jul 24 '12 at 19:10
add a comment |
Also sometimes there is situation when you are working on serial console, then checking above command in verbose mode -v
will show you /dev/tty
does not exist, while it does.
ssh -v user@hostname
In above case just remove /dev/tty
and create a symlink of /dev/ttyS0
to /dev/tty
.
rm /dev/tty
ln -s /dev/ttyS0 /dev/tty
As an alternative, add id_rsa.pub
to the remote location, so password is not prompted and you get login access.
6
+1 for advising to use -v parameter; this can help a lot when debugging ssh problems.
– daniel kullmann
Jul 24 '12 at 19:10
add a comment |
Also sometimes there is situation when you are working on serial console, then checking above command in verbose mode -v
will show you /dev/tty
does not exist, while it does.
ssh -v user@hostname
In above case just remove /dev/tty
and create a symlink of /dev/ttyS0
to /dev/tty
.
rm /dev/tty
ln -s /dev/ttyS0 /dev/tty
As an alternative, add id_rsa.pub
to the remote location, so password is not prompted and you get login access.
Also sometimes there is situation when you are working on serial console, then checking above command in verbose mode -v
will show you /dev/tty
does not exist, while it does.
ssh -v user@hostname
In above case just remove /dev/tty
and create a symlink of /dev/ttyS0
to /dev/tty
.
rm /dev/tty
ln -s /dev/ttyS0 /dev/tty
As an alternative, add id_rsa.pub
to the remote location, so password is not prompted and you get login access.
edited Jan 10 '14 at 8:53
kiri
19.1k1259104
19.1k1259104
answered May 27 '12 at 13:01
PeeyushPeeyush
217149
217149
6
+1 for advising to use -v parameter; this can help a lot when debugging ssh problems.
– daniel kullmann
Jul 24 '12 at 19:10
add a comment |
6
+1 for advising to use -v parameter; this can help a lot when debugging ssh problems.
– daniel kullmann
Jul 24 '12 at 19:10
6
6
+1 for advising to use -v parameter; this can help a lot when debugging ssh problems.
– daniel kullmann
Jul 24 '12 at 19:10
+1 for advising to use -v parameter; this can help a lot when debugging ssh problems.
– daniel kullmann
Jul 24 '12 at 19:10
add a comment |
In my case, this was caused by a udev problem - there was no /dev/tty
device node. The solution for me was just:
sudo mknod -m 666 /dev/tty c 5 0
add a comment |
In my case, this was caused by a udev problem - there was no /dev/tty
device node. The solution for me was just:
sudo mknod -m 666 /dev/tty c 5 0
add a comment |
In my case, this was caused by a udev problem - there was no /dev/tty
device node. The solution for me was just:
sudo mknod -m 666 /dev/tty c 5 0
In my case, this was caused by a udev problem - there was no /dev/tty
device node. The solution for me was just:
sudo mknod -m 666 /dev/tty c 5 0
edited Sep 22 '16 at 20:53
muru
1
1
answered Jul 25 '11 at 20:28
MarkMark
811
811
add a comment |
add a comment |
On terminal:
ssh -o StrictHostKeyChecking=No -i YourPublicKey.pem user@example.com uptime
The following message, or similar, will appear:
Warning: Permanently added 'example.com, XX.XXX.XXX.XX' (ECDSA) to the list of known hosts.
00:47:37 up 3 min, 0 users, load average: 0.00, 0.00, 0.00
Then, connect to your EC2 as normal:
ssh -i YourPublickey.pem user@example.com
I gotcommand-line line 0: Bad yes/no/ask argument.
because you wrongly use 'No' instead of 'no' as argument toStrictHostKeyChecking
– Axel Bregnsbo
Aug 25 '18 at 15:30
add a comment |
On terminal:
ssh -o StrictHostKeyChecking=No -i YourPublicKey.pem user@example.com uptime
The following message, or similar, will appear:
Warning: Permanently added 'example.com, XX.XXX.XXX.XX' (ECDSA) to the list of known hosts.
00:47:37 up 3 min, 0 users, load average: 0.00, 0.00, 0.00
Then, connect to your EC2 as normal:
ssh -i YourPublickey.pem user@example.com
I gotcommand-line line 0: Bad yes/no/ask argument.
because you wrongly use 'No' instead of 'no' as argument toStrictHostKeyChecking
– Axel Bregnsbo
Aug 25 '18 at 15:30
add a comment |
On terminal:
ssh -o StrictHostKeyChecking=No -i YourPublicKey.pem user@example.com uptime
The following message, or similar, will appear:
Warning: Permanently added 'example.com, XX.XXX.XXX.XX' (ECDSA) to the list of known hosts.
00:47:37 up 3 min, 0 users, load average: 0.00, 0.00, 0.00
Then, connect to your EC2 as normal:
ssh -i YourPublickey.pem user@example.com
On terminal:
ssh -o StrictHostKeyChecking=No -i YourPublicKey.pem user@example.com uptime
The following message, or similar, will appear:
Warning: Permanently added 'example.com, XX.XXX.XXX.XX' (ECDSA) to the list of known hosts.
00:47:37 up 3 min, 0 users, load average: 0.00, 0.00, 0.00
Then, connect to your EC2 as normal:
ssh -i YourPublickey.pem user@example.com
answered Mar 27 '17 at 0:50
Vitor AbellaVitor Abella
2,829102964
2,829102964
I gotcommand-line line 0: Bad yes/no/ask argument.
because you wrongly use 'No' instead of 'no' as argument toStrictHostKeyChecking
– Axel Bregnsbo
Aug 25 '18 at 15:30
add a comment |
I gotcommand-line line 0: Bad yes/no/ask argument.
because you wrongly use 'No' instead of 'no' as argument toStrictHostKeyChecking
– Axel Bregnsbo
Aug 25 '18 at 15:30
I got
command-line line 0: Bad yes/no/ask argument.
because you wrongly use 'No' instead of 'no' as argument to StrictHostKeyChecking
– Axel Bregnsbo
Aug 25 '18 at 15:30
I got
command-line line 0: Bad yes/no/ask argument.
because you wrongly use 'No' instead of 'no' as argument to StrictHostKeyChecking
– Axel Bregnsbo
Aug 25 '18 at 15:30
add a comment |
Well, it simply because the second ubuntu requires connection by key and not password.
I suggest you use sudo dpkg-reconfigure openssh-server
on your pc, and then it should work properly. It will reset the configuration for openssh and should come back to a default password authentication.
Second possibility is that there's already a key for your other ubuntu in you PC, and that it changed thus being not recognized anymore. In this case, you'll have to edit the file .ssh/authorized_keys
to remove the problematic line identifying your ubuntu.
add a comment |
Well, it simply because the second ubuntu requires connection by key and not password.
I suggest you use sudo dpkg-reconfigure openssh-server
on your pc, and then it should work properly. It will reset the configuration for openssh and should come back to a default password authentication.
Second possibility is that there's already a key for your other ubuntu in you PC, and that it changed thus being not recognized anymore. In this case, you'll have to edit the file .ssh/authorized_keys
to remove the problematic line identifying your ubuntu.
add a comment |
Well, it simply because the second ubuntu requires connection by key and not password.
I suggest you use sudo dpkg-reconfigure openssh-server
on your pc, and then it should work properly. It will reset the configuration for openssh and should come back to a default password authentication.
Second possibility is that there's already a key for your other ubuntu in you PC, and that it changed thus being not recognized anymore. In this case, you'll have to edit the file .ssh/authorized_keys
to remove the problematic line identifying your ubuntu.
Well, it simply because the second ubuntu requires connection by key and not password.
I suggest you use sudo dpkg-reconfigure openssh-server
on your pc, and then it should work properly. It will reset the configuration for openssh and should come back to a default password authentication.
Second possibility is that there's already a key for your other ubuntu in you PC, and that it changed thus being not recognized anymore. In this case, you'll have to edit the file .ssh/authorized_keys
to remove the problematic line identifying your ubuntu.
answered May 28 '11 at 11:39
MP0MP0
1312
1312
add a comment |
add a comment |
This is an old thread and I just ran across this answer, I will just add what I did to solve this.
ssh-keygen -f "/home/USER/.ssh/known_hosts" -R HOSTNAME
I just looked at the error message that it threw at me and it said to run that command in order to remove it from the list of hosts. After that I did the following:
ssh-copy-id HOSTNAME
Than I followed the prompts from there until I was able to ssh into the server.
As this command I am getting as suggestion in ubuntu 12.4.
– MaNKuR
May 31 '15 at 18:09
add a comment |
This is an old thread and I just ran across this answer, I will just add what I did to solve this.
ssh-keygen -f "/home/USER/.ssh/known_hosts" -R HOSTNAME
I just looked at the error message that it threw at me and it said to run that command in order to remove it from the list of hosts. After that I did the following:
ssh-copy-id HOSTNAME
Than I followed the prompts from there until I was able to ssh into the server.
As this command I am getting as suggestion in ubuntu 12.4.
– MaNKuR
May 31 '15 at 18:09
add a comment |
This is an old thread and I just ran across this answer, I will just add what I did to solve this.
ssh-keygen -f "/home/USER/.ssh/known_hosts" -R HOSTNAME
I just looked at the error message that it threw at me and it said to run that command in order to remove it from the list of hosts. After that I did the following:
ssh-copy-id HOSTNAME
Than I followed the prompts from there until I was able to ssh into the server.
This is an old thread and I just ran across this answer, I will just add what I did to solve this.
ssh-keygen -f "/home/USER/.ssh/known_hosts" -R HOSTNAME
I just looked at the error message that it threw at me and it said to run that command in order to remove it from the list of hosts. After that I did the following:
ssh-copy-id HOSTNAME
Than I followed the prompts from there until I was able to ssh into the server.
answered Apr 15 '15 at 16:09
Hatem JaberHatem Jaber
26139
26139
As this command I am getting as suggestion in ubuntu 12.4.
– MaNKuR
May 31 '15 at 18:09
add a comment |
As this command I am getting as suggestion in ubuntu 12.4.
– MaNKuR
May 31 '15 at 18:09
As this command I am getting as suggestion in ubuntu 12.4.
– MaNKuR
May 31 '15 at 18:09
As this command I am getting as suggestion in ubuntu 12.4.
– MaNKuR
May 31 '15 at 18:09
add a comment |
Its means your remote host key was changed (May be host password change),
Your terminal suggested to execute this command as root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]:4231
You have to remove that host name from hosts list on your pc/server. Copy that suggested command and execute as a root user.
$ sudo su // Login as a root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]:4231 // Terminal suggested command execute here
Host [www.website.net]:4231 found: line 16 type ECDSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
$ exit // Exist from root user
$ sudo ssh root@www.website.net -p 4231 // Try again
Hope this works.
add a comment |
Its means your remote host key was changed (May be host password change),
Your terminal suggested to execute this command as root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]:4231
You have to remove that host name from hosts list on your pc/server. Copy that suggested command and execute as a root user.
$ sudo su // Login as a root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]:4231 // Terminal suggested command execute here
Host [www.website.net]:4231 found: line 16 type ECDSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
$ exit // Exist from root user
$ sudo ssh root@www.website.net -p 4231 // Try again
Hope this works.
add a comment |
Its means your remote host key was changed (May be host password change),
Your terminal suggested to execute this command as root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]:4231
You have to remove that host name from hosts list on your pc/server. Copy that suggested command and execute as a root user.
$ sudo su // Login as a root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]:4231 // Terminal suggested command execute here
Host [www.website.net]:4231 found: line 16 type ECDSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
$ exit // Exist from root user
$ sudo ssh root@www.website.net -p 4231 // Try again
Hope this works.
Its means your remote host key was changed (May be host password change),
Your terminal suggested to execute this command as root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]:4231
You have to remove that host name from hosts list on your pc/server. Copy that suggested command and execute as a root user.
$ sudo su // Login as a root user
$ ssh-keygen -f "/root/.ssh/known_hosts" -R [www.website.net]:4231 // Terminal suggested command execute here
Host [www.website.net]:4231 found: line 16 type ECDSA
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
$ exit // Exist from root user
$ sudo ssh root@www.website.net -p 4231 // Try again
Hope this works.
answered Aug 14 '16 at 4:59
Jay PatelJay Patel
1787
1787
add a comment |
add a comment |
You should change your key in this way:
From your given error find which host-key changed for
example: Offending ECDSA key in /Users/user-name/.ssh/known_hosts:5
said 5th key changed, so do this:
sed -i '5d' ~/.ssh/known_hosts
Notice: you must be root or have privilege for sudo.
No, unless you are doing it for someone else, it does not require root nor sudo. You are editing the file in your home directory. Second: for the command to work it requires GNU sed.
– techraf
Mar 13 '16 at 16:00
Maybe you right but I tried to ssh from Mac OSX to ubuntu-server and I have to do that. by the way thank you for your comment.
– Amir.A.G
Mar 14 '16 at 16:44
add a comment |
You should change your key in this way:
From your given error find which host-key changed for
example: Offending ECDSA key in /Users/user-name/.ssh/known_hosts:5
said 5th key changed, so do this:
sed -i '5d' ~/.ssh/known_hosts
Notice: you must be root or have privilege for sudo.
No, unless you are doing it for someone else, it does not require root nor sudo. You are editing the file in your home directory. Second: for the command to work it requires GNU sed.
– techraf
Mar 13 '16 at 16:00
Maybe you right but I tried to ssh from Mac OSX to ubuntu-server and I have to do that. by the way thank you for your comment.
– Amir.A.G
Mar 14 '16 at 16:44
add a comment |
You should change your key in this way:
From your given error find which host-key changed for
example: Offending ECDSA key in /Users/user-name/.ssh/known_hosts:5
said 5th key changed, so do this:
sed -i '5d' ~/.ssh/known_hosts
Notice: you must be root or have privilege for sudo.
You should change your key in this way:
From your given error find which host-key changed for
example: Offending ECDSA key in /Users/user-name/.ssh/known_hosts:5
said 5th key changed, so do this:
sed -i '5d' ~/.ssh/known_hosts
Notice: you must be root or have privilege for sudo.
answered Mar 13 '16 at 15:22
Amir.A.GAmir.A.G
113
113
No, unless you are doing it for someone else, it does not require root nor sudo. You are editing the file in your home directory. Second: for the command to work it requires GNU sed.
– techraf
Mar 13 '16 at 16:00
Maybe you right but I tried to ssh from Mac OSX to ubuntu-server and I have to do that. by the way thank you for your comment.
– Amir.A.G
Mar 14 '16 at 16:44
add a comment |
No, unless you are doing it for someone else, it does not require root nor sudo. You are editing the file in your home directory. Second: for the command to work it requires GNU sed.
– techraf
Mar 13 '16 at 16:00
Maybe you right but I tried to ssh from Mac OSX to ubuntu-server and I have to do that. by the way thank you for your comment.
– Amir.A.G
Mar 14 '16 at 16:44
No, unless you are doing it for someone else, it does not require root nor sudo. You are editing the file in your home directory. Second: for the command to work it requires GNU sed.
– techraf
Mar 13 '16 at 16:00
No, unless you are doing it for someone else, it does not require root nor sudo. You are editing the file in your home directory. Second: for the command to work it requires GNU sed.
– techraf
Mar 13 '16 at 16:00
Maybe you right but I tried to ssh from Mac OSX to ubuntu-server and I have to do that. by the way thank you for your comment.
– Amir.A.G
Mar 14 '16 at 16:44
Maybe you right but I tried to ssh from Mac OSX to ubuntu-server and I have to do that. by the way thank you for your comment.
– Amir.A.G
Mar 14 '16 at 16:44
add a comment |
you have to put the rsa key of the target host into the source host /home/user/.ssh/known_hosts
by running this on the target
ssh-keyscan -t rsa @targethost
add a comment |
you have to put the rsa key of the target host into the source host /home/user/.ssh/known_hosts
by running this on the target
ssh-keyscan -t rsa @targethost
add a comment |
you have to put the rsa key of the target host into the source host /home/user/.ssh/known_hosts
by running this on the target
ssh-keyscan -t rsa @targethost
you have to put the rsa key of the target host into the source host /home/user/.ssh/known_hosts
by running this on the target
ssh-keyscan -t rsa @targethost
edited Apr 6 '17 at 16:56
answered Apr 6 '17 at 15:42
rob brennanrob brennan
112
112
add a comment |
add a comment |
pico ~/.ssh/known_hosts
and delete all lines, after just reconnect and you will get a new key.
5
This is a dangerous solution, because you will remove ALL your host keys. The accepted solution,ssh-keygen -R hostname
is better.
– msanford
Mar 24 '14 at 20:52
add a comment |
pico ~/.ssh/known_hosts
and delete all lines, after just reconnect and you will get a new key.
5
This is a dangerous solution, because you will remove ALL your host keys. The accepted solution,ssh-keygen -R hostname
is better.
– msanford
Mar 24 '14 at 20:52
add a comment |
pico ~/.ssh/known_hosts
and delete all lines, after just reconnect and you will get a new key.
pico ~/.ssh/known_hosts
and delete all lines, after just reconnect and you will get a new key.
edited Oct 18 '12 at 7:40
Mark Paskal
2,65311827
2,65311827
answered Oct 18 '12 at 6:26
H0nsuH0nsu
91
91
5
This is a dangerous solution, because you will remove ALL your host keys. The accepted solution,ssh-keygen -R hostname
is better.
– msanford
Mar 24 '14 at 20:52
add a comment |
5
This is a dangerous solution, because you will remove ALL your host keys. The accepted solution,ssh-keygen -R hostname
is better.
– msanford
Mar 24 '14 at 20:52
5
5
This is a dangerous solution, because you will remove ALL your host keys. The accepted solution,
ssh-keygen -R hostname
is better.– msanford
Mar 24 '14 at 20:52
This is a dangerous solution, because you will remove ALL your host keys. The accepted solution,
ssh-keygen -R hostname
is better.– msanford
Mar 24 '14 at 20:52
add a comment |
My solution comes from this blog post: Algorithm negotiation failed for SSH Secure Shell Client
You need to modify the file as follows:
sudo nano /etc/ssh/sshd_config
And then add the following:
# Ciphers
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour
KexAlgorithms diffie-hellman-group1-sha1
Basically you tried different solutions until you find one which can solve your problem. If the above solutions don't work, please try this one. If this one doesn't work as well, please try others.
add a comment |
My solution comes from this blog post: Algorithm negotiation failed for SSH Secure Shell Client
You need to modify the file as follows:
sudo nano /etc/ssh/sshd_config
And then add the following:
# Ciphers
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour
KexAlgorithms diffie-hellman-group1-sha1
Basically you tried different solutions until you find one which can solve your problem. If the above solutions don't work, please try this one. If this one doesn't work as well, please try others.
add a comment |
My solution comes from this blog post: Algorithm negotiation failed for SSH Secure Shell Client
You need to modify the file as follows:
sudo nano /etc/ssh/sshd_config
And then add the following:
# Ciphers
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour
KexAlgorithms diffie-hellman-group1-sha1
Basically you tried different solutions until you find one which can solve your problem. If the above solutions don't work, please try this one. If this one doesn't work as well, please try others.
My solution comes from this blog post: Algorithm negotiation failed for SSH Secure Shell Client
You need to modify the file as follows:
sudo nano /etc/ssh/sshd_config
And then add the following:
# Ciphers
Ciphers aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,arcfour
KexAlgorithms diffie-hellman-group1-sha1
Basically you tried different solutions until you find one which can solve your problem. If the above solutions don't work, please try this one. If this one doesn't work as well, please try others.
edited Apr 6 '17 at 20:24
wjandrea
9,13942363
9,13942363
answered Apr 6 '17 at 17:01
Frank PukFrank Puk
1
1
add a comment |
add a comment |
Just disable strict host key checking in your ~/.ssh/config:
Host *
StrictHostKeyChecking no
add a comment |
Just disable strict host key checking in your ~/.ssh/config:
Host *
StrictHostKeyChecking no
add a comment |
Just disable strict host key checking in your ~/.ssh/config:
Host *
StrictHostKeyChecking no
Just disable strict host key checking in your ~/.ssh/config:
Host *
StrictHostKeyChecking no
answered Apr 26 '18 at 15:27
TimoTimo
1707
1707
add a comment |
add a comment |
May you just need to enter "yes" when ssh confirm you want to continue connectting.
Like bellow.
The authenticity of host 'xxx' can't be established.
ECDSA key fingerprint is yyy.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx' (ECDSA) to the list of known hosts.
Enter passphrase for key '/Users/ysy/.ssh/id_rsa':
Then enter your password.
Please pay attention to "Are you sure you want to continue connecting (yes/no)? yes". You must enter yes, not enter.
New contributor
add a comment |
May you just need to enter "yes" when ssh confirm you want to continue connectting.
Like bellow.
The authenticity of host 'xxx' can't be established.
ECDSA key fingerprint is yyy.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx' (ECDSA) to the list of known hosts.
Enter passphrase for key '/Users/ysy/.ssh/id_rsa':
Then enter your password.
Please pay attention to "Are you sure you want to continue connecting (yes/no)? yes". You must enter yes, not enter.
New contributor
add a comment |
May you just need to enter "yes" when ssh confirm you want to continue connectting.
Like bellow.
The authenticity of host 'xxx' can't be established.
ECDSA key fingerprint is yyy.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx' (ECDSA) to the list of known hosts.
Enter passphrase for key '/Users/ysy/.ssh/id_rsa':
Then enter your password.
Please pay attention to "Are you sure you want to continue connecting (yes/no)? yes". You must enter yes, not enter.
New contributor
May you just need to enter "yes" when ssh confirm you want to continue connectting.
Like bellow.
The authenticity of host 'xxx' can't be established.
ECDSA key fingerprint is yyy.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx' (ECDSA) to the list of known hosts.
Enter passphrase for key '/Users/ysy/.ssh/id_rsa':
Then enter your password.
Please pay attention to "Are you sure you want to continue connecting (yes/no)? yes". You must enter yes, not enter.
New contributor
New contributor
answered 15 mins ago
JChen___JChen___
101
101
New contributor
New contributor
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f45679%2fssh-connection-problem-with-host-key-verification-failed-error%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Dó you use host names or IP-addresses?
– Thorbjørn Ravn Andersen
May 27 '12 at 13:21
Not similar but I got the same error but due to a different problem: serverfault.com/questions/494916/…
– zengr
Aug 28 '13 at 19:18
This is not an Ubuntu-specific issue. Can happen with any
ssh
from the command-line.– MarkHu
Mar 31 '17 at 17:19