All these years, I’ve dealt with changed SSH keys (you know, you go to SSH into something and you get the “key has changed” error:<\/p>\n\n\n\n
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.<\/p>\n\n\n\n
probably because you rebuilt the target server\/vm, or you changed an IP somewhere, or whatever) by removing the entry from ~\/.ssh\/known_hosts. It’s a few annoying extra steps, but it has always worked for me. Call it “old reliable.”<\/p>\n\n\n\n
With the release of CentOS 8, everything changes. Known hosts are now managed by sss. Maybe this happened somewhere else and I wasn’t aware of it, but this is how I was made aware of it:
Message as above, along with:
Offending ED25519 key in \/var\/lib\/sss\/pubconf\/known_hosts:6
Well that’s new. And you can’t delete from that file, because it’s generated behind the scenes and then comes right back. Generated from ~\/.ssh\/known_hosts, apparently. And nobody wants to enter a new key manually as it suggests. The answer?<\/p>\n\n\n\n
ssh-keyscan -t ecdsa 10.120.x.x >> ~\/.ssh\/known_hosts<\/p>\n\n\n\n
(substituting your target IP, of course). Almost worth aliasing “whoopsienewkey” to it with a variable for the IP. <\/p>\n\n\n\n
Anyhow, that’s all, I hope you’ve learned something today to make your day easier and brighter.<\/p>\n","protected":false},"excerpt":{"rendered":"
All these years, I’ve dealt with changed SSH keys (you know, you go to SSH into something and you get the “key has changed” error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: REMOTE HOST IDENTIFICATION … <\/p>\n