After re-install my Synology DSM, I cannot use ssh to login DSM. It prompts for following warning message:
Last login: Thu Jun 16 10:11:39 on console Amigos-Mac-mini:~ Amigo$ ssh admin@192.168.1.142 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:cq9E1KQyJ5Nq3ktPpZ/K1GFydg741lEZKQ3DJxF2DJA. Please contact your system administrator. Add correct host key in /Users/Amigo/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /Users/Amigo/.ssh/known_hosts:1 ECDSA host key for 192.168.1.142 has changed and you have requested strict checking. Host key verification failed. Amigos-Mac-mini:~ Amigo$
In short, I have to remove my previous key. It’s saved in different location with different tools.
Terminal on OSX
With Terminal on OS X El Capitan, the key is stored in $HOME/.ssh/known_hosts. You have to remove the key started with previous IP and save the file. Here I have to remove the key with 192.168.1.142
192.168.1.142 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoY... (The rest has been removed due to security concern)
Delete SSH Keys Using Terminal Command Line on nixCraft provides different solution. Maybe it is different version of OS X.
As you may see below, I may use ssh to login DSM now. It will prompt for saving key at the first time.
Amigos-Mac-mini:.ssh Amigo$ ssh admin@192.168.1.142 The authenticity of host '192.168.1.142 (192.168.1.142)' can't be established. ECDSA key fingerprint is SHA256:cq9E... (The rest has been removed due to security concern) Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.142' (ECDSA) to the list of known hosts. admin@192.168.1.142's password: Could not chdir to home directory /var/services/homes/admin: No such file or directory admin@DS214SE:/$
FWIW IMO the easiest way to remove keys via the commandline is:
ssh-keygen -R hostname [-f known_hosts_file]
E.g. in your example:
ssh-keygen -R 192.168.1.142
or alternatively:
ssh-keygen -R ecdsa-sha2-nistp256
I’ve never needed to use the -f switch to explicitly state the file, but I’m on Debian YMMV. Although the default path to the known_hosts file is the same as OSX ($HOME/.ssh/known_hosts) so it might work…
LikeLike