Remove key from known_hosts

I built several virtual machines during the last few weeks. The problem is, the .ssh/known_hosts gives me the Man in the middle warning. This happens because another fingerprint is associated with the virtual machine IP.

Asked by: Guest | Views: 60
Total answers/comments: 5
Guest [Entry]

"sed -i '6d' ~/.ssh/known_hosts

Will modify the file ~/.ssh/known_hosts:6, removing the 6th line.

In my opinion, using ssh-keygen -R is a better solution for an OpenSSH power user, while your regular Linux admin would do better to keep his/her sed skills fresh by using the above method."
Guest [Entry]

"There is an ssh-keygen switch (-R) for this.

man ssh-keygen reads:

-R hostname

Removes all keys belonging to hostname from a known_hosts file. This
option is useful to delete hashed hosts (see the -H option above)."
Guest [Entry]

"All the answers are good, but for a real SSH pro, information is missing on how to remove an SSH signature with a (non-standard) port number.

Simple SSH host signature remove command:
ssh-keygen -R example.com

Complex SSH key removal, e.g. you connect to SSH on the non-standard port 222:
ssh example.com -p 222

and you get a warning. To remove this, you need to use square brackets, a colon and the port number:
ssh-keygen -R '[example.com]:222'

Note that there will probably be an IP record for the same host, so you will need to remove that one as well.
Hope this helps for non-standard configuration users."
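
Added example (not part of any answer on this page and not OpenSSH's own code): a Python sketch of how a known_hosts line is matched to a host, covering the plain, [host]:port and hashed (|1|salt|hash) forms that the answers above rely on ssh-keygen -R to find, plus the separate IP record. The host names, salt and key blobs are constructed sample data; wildcard patterns are not handled, and marker lines (@cert-authority, @revoked) are left in place.

```python
import base64
import hashlib
import hmac

def lookup_name(host, port=22):
    """Name form ssh stores: bare host on port 22, else [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def hash_name(name, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())

def field_matches(hosts_field, name):
    """True if the first field of a known_hosts line names `name`."""
    if hosts_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = hosts_field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return name in hosts_field.split(",")

def remove_host(lines, host, port=22):
    """Return (kept_lines, removed_line_numbers) for one host name and port."""
    name = lookup_name(host, port)
    kept, removed = [], []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if fields and not line.startswith(("#", "@")) and field_matches(fields[0], name):
            removed.append(number)
        else:
            kept.append(line)
    return kept, removed

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = [
    "example.com,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDER1",
    "[example.com]:222 ssh-ed25519 AAAAC3PLACEHOLDER2",
    hash_name("192.0.2.10", b"constructed-salt-20b") + " ssh-rsa AAAAB3PLACEHOLDER3",
    "other.example.net ssh-ed25519 AAAAC3PLACEHOLDER4",
]

if __name__ == "__main__":
    print(remove_host(SAMPLE, "example.com"))        # port 22 entry only
    print(remove_host(SAMPLE, "example.com", 222))   # bracketed entry only
    print(remove_host(SAMPLE, "192.0.2.10"))         # plain and hashed IP entries
```

The hashed line cannot be found by searching the file for the host name or IP, which is why a name-based removal and a line-number delete can touch different sets of lines.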
Guest [Entry]

"You can also instruct ssh to not check the known_hosts file using the UserKnownHostsFile and StrictHostKeyChecking flags.

For instance:

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user@example.com

For ease of use you can alias this:

alias boldssh='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'

Now you can just boldssh whenever you are sure you trust the server's certificate."
Guest [Entry]

"Here is a method using the Ex editor:

ex +6d -scwq ~/.ssh/known_hosts

where 6 is the line number mentioned in the warning message, such as this one:

Offending key for IP in /home/user/.ssh/known_hosts:6 <== LINE NUMBER

In general, it's advised to use ex to edit files non-interactively instead of sed, which is more of a Stream EDitor, and whose -i parameter is a non-standard FreeBSD extension."