Managing changed SSH keys in CentOS 8

All these years, I’ve dealt with changed SSH keys (you know, you go to SSH into something and you get the “key has changed” error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

probably because you rebuilt the target server/vm, or you changed an IP somewhere, or whatever) by removing the entry from ~/.ssh/known_hosts. It’s a few annoying extra steps, but it has always worked for me. Call it “old reliable.”

With the release of CentOS 8, everything changes. Known hosts are now managed by sss. Maybe this happened somewhere else and I wasn’t aware of it, but this is how I was made aware of it:

Message as above, along with:
Offending ED25519 key in /var/lib/sss/pubconf/known_hosts:6

Well, that’s new. And you can’t delete from that file, because it’s generated behind the scenes and then comes right back. Generated from ~/.ssh/known_hosts, apparently. And nobody wants to enter a new key manually as it suggests. The answer?

ssh-keyscan -t ecdsa 10.120.x.x >> ~/.ssh/known_hosts

(substituting your target IP, of course). Almost worth aliasing “whoopsienewkey” to it with a variable for the IP.
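The same workflow as an added example (not code from the original post): it drops the stale entry for the host from ~/.ssh/known_hosts, fetches the new key with ssh-keyscan, and prints its SHA256 fingerprint so it can be compared against what `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` shows on the rebuilt machine's console before the key is appended, since a blindly appended scan trusts whatever answered on the network. The host 10.120.0.99, the yes/no prompt, and the ed25519 default (the key type named in the warning above) are assumptions.

```python
import base64
import hashlib
import os
import subprocess
import sys

HOST = "10.120.0.99"  # constructed placeholder for the post's 10.120.x.x
KNOWN_HOSTS = os.path.expanduser("~/.ssh/known_hosts")


def key_fingerprint(blob_b64):
    """SHA256 fingerprint of a base64 key blob, as ssh-keygen -l prints it."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def drop_host(lines, host):
    """Drop plain known_hosts entries for host (name,ip lists included).
    Hashed (|1|...) and @marker lines are left alone; ssh-keygen -R handles those."""
    kept = []
    for line in lines:
        fields = line.split()
        plain = len(fields) >= 3 and not fields[0].startswith(("|1|", "@"))
        if not (plain and host in fields[0].split(",")):
            kept.append(line)
    return kept


def scan_host(host, key_type):
    """Fetch the host's current key over the network with ssh-keyscan."""
    out = subprocess.run(["ssh-keyscan", "-t", key_type, host],
                         capture_output=True, text=True, check=True).stdout
    return [l for l in out.splitlines() if l and not l.startswith("#")]


def replace_host_key(host=HOST, key_type="ed25519", path=KNOWN_HOSTS):
    """Show the scanned key's fingerprint; only append it once confirmed."""
    with open(path) as f:
        lines = f.read().splitlines()
    new = scan_host(host, key_type)
    for line in new:
        _, ktype, blob = line.split()[:3]
        print(host, ktype, key_fingerprint(blob))
    # Compare with ssh-keygen -lf /etc/ssh/ssh_host_<type>_key.pub run on the
    # rebuilt machine's console; a scanned key is only as good as what answered.
    if input("Fingerprint matches the server's own? (yes/no) ") != "yes":
        sys.exit("new key not trusted; known_hosts left unchanged")
    with open(path, "w") as f:
        f.write("\n".join(drop_host(lines, host) + new) + "\n")
```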

Anyhow, that’s all, I hope you’ve learned something today to make your day easier and brighter.