I have a server (let's assume its IP is a.b.c.d) which allows users to log in via ssh. Now I want to change the physical machine, keeping the IP the same, so that the new machine is still accessed by a user like this:
$ ssh a.b.c.d
The problem is, every time a user tries to log in, she gets the following ssh-key mismatch error.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
02:dc:c6:18:1b:34:b7:1d:fa:90:ab:e1:95:48:69:84.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:37
RSA host key for alumni has changed and you have requested strict checking.
Host key verification failed.
I know that the user can delete line #37 from the file ~/.ssh/known_hosts and next time she would get a yes/no prompt. What I want is that the user should be kept unaware of this whole machine replacement thing and just get a prompt for the password.
How to do that?
Best Answer
As Ethabell mentioned, you can copy over the current host keys to the new server.
You can find your host keys by opening your sshd_config file (on my Ubuntu 12.04 box it's /etc/ssh/sshd_config). In the config file, look for the HostKey entries. These entries will tell you where the host key files are located. You should be able to copy these files to the new server and update the new server's sshd_config to point to the copied keys (or just overwrite the files that already exist on the new server).

Also, note this section from the sshd_config man page, specifically the part about permissions:
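A pre-flight check for the copy step described in the answer, as an added example that is not part of the original answer or of OpenSSH: it lists the HostKey files an sshd_config names and flags any that is missing or group/world-accessible, which sshd refuses to use. The function names and the sample directory are constructed for illustration, and it assumes key paths without whitespace.

```shell
#!/bin/sh
# Added example (not from the original answer): verify the host key files an
# sshd_config points at before starting sshd on the replacement machine.
# Assumption: paths contain no whitespace; "Keyword=value" syntax is not handled.

# Print the file named by every active HostKey line (keywords are
# case-insensitive; commented-out lines are skipped).
host_key_paths() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Succeed only if the key file exists and grants nothing to group/other,
# since sshd refuses to use a host key that is group/world-accessible.
key_perms_ok() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10)   # the six group/other permission characters
    [ "$mode" = "------" ]
}

# Report each referenced key; return non-zero if any is missing or too open.
check_host_keys() {
    rc=0
    for key in $(host_key_paths "$1"); do
        if key_perms_ok "$key"; then echo "OK   $key"
        else echo "FAIL $key"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a throwaway config with placeholder key files, one of
# which was left world-readable, as can happen after a plain copy.
make_sample() {
    dir=$(mktemp -d)
    echo placeholder > "$dir/ssh_host_rsa_key";   chmod 600 "$dir/ssh_host_rsa_key"
    echo placeholder > "$dir/ssh_host_ecdsa_key"; chmod 644 "$dir/ssh_host_ecdsa_key"
    cat > "$dir/sshd_config" <<EOF
Port 22
HostKey $dir/ssh_host_rsa_key
hostkey $dir/ssh_host_ecdsa_key
#HostKey $dir/ssh_host_dsa_key
EOF
    echo "$dir"
}

sample=$(make_sample)
check_host_keys "$sample/sshd_config" || echo "fix key permissions (chmod 600) first"
```

On the new server, call check_host_keys with the real config path (/etc/ssh/sshd_config on the answerer's Ubuntu box) after copying the keys over.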