How to Remove Unwanted SSH Keys


After reinstalling my Synology DSM, I cannot use ssh to log in to DSM. It shows the following warning message:

Last login: Thu Jun 16 10:11:39 on console
Amigos-Mac-mini:~ Amigo$ ssh admin@192.168.1.142
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:cq9E1KQyJ5Nq3ktPpZ/K1GFydg741lEZKQ3DJxF2DJA.
Please contact your system administrator.
Add correct host key in /Users/Amigo/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/Amigo/.ssh/known_hosts:1
ECDSA host key for 192.168.1.142 has changed and you have requested strict checking.
Host key verification failed.
Amigos-Mac-mini:~ Amigo$ 

In short, I have to remove the previously saved host key. Where it is stored depends on the tool used.

Terminal on OS X

With Terminal on OS X El Capitan, the key is stored in $HOME/.ssh/known_hosts. You have to remove the previously saved key, i.e. the line that starts with the host's IP address, and save the file. Here I have to remove the line for 192.168.1.142:

192.168.1.142 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoY... (The rest has been removed due to security concern)

“Delete SSH Keys Using Terminal Command Line” on nixCraft provides a different solution. Maybe it is for a different version of OS X.

As you can see below, I can now use ssh to log in to DSM. It prompts to save the new key on the first connection.

Amigos-Mac-mini:.ssh Amigo$ ssh admin@192.168.1.142
The authenticity of host '192.168.1.142 (192.168.1.142)' can't be established.
ECDSA key fingerprint is SHA256:cq9E... (The rest has been removed due to security concern)
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.142' (ECDSA) to the list of known hosts.
admin@192.168.1.142's password: 
Could not chdir to home directory /var/services/homes/admin: No such file or directory
admin@DS214SE:/$
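
The manual edit above, as an added example (not part of the original post): it drops every known_hosts line for one host and reports the fingerprint of each removed key in the same SHA256 form ssh prints. It goes beyond the plain-text case in the post by also matching hashed entries (written when HashKnownHosts is enabled), which a text search for the IP will not find. The function names and the sample file are this example's own, and the key blobs are constructed placeholders.

```python
import base64
import hashlib
import hmac

def fingerprint(key_b64):
    """SHA256 fingerprint as OpenSSH prints it: base64 of the digest, padding stripped."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern, host):
    """Match one entry of the host field: a literal name/IP or a hashed |1|salt|mac entry."""
    if pattern.startswith("|1|"):
        _, _, salt, mac = pattern.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return pattern == host  # wildcard and negated patterns are deliberately not handled

def remove_host(text, host):
    """Return (new_text, removed); removed lists (line_no, key_type, fingerprint)."""
    kept, removed = [], []
    for no, line in enumerate(text.splitlines(), 1):
        f = line.split()
        # Keep blanks, comments, and @cert-authority/@revoked lines untouched.
        if len(f) < 3 or f[0][0] in "#@":
            kept.append(line)
        elif any(host_matches(p, host) for p in f[0].split(",")):
            removed.append((no, f[1], fingerprint(f[2])))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed

def blob(label):
    # Constructed stand-in for a public-key blob; real entries hold the actual key bytes.
    return base64.b64encode(label.encode()).decode()

def hashed_entry(host, salt=b"constructed-salt-20b"):
    # Builds a hashed host field the way known_hosts stores it: |1|salt|HMAC-SHA1(salt, host).
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample file: plain entry, hashed entry for the same IP, unrelated host.
SAMPLE = "\n".join([
    "192.168.1.142 ecdsa-sha2-nistp256 " + blob("old-nas-ecdsa-key"),
    hashed_entry("192.168.1.142") + " ssh-ed25519 " + blob("old-nas-ed25519-key"),
    "192.168.1.10 ssh-ed25519 " + blob("other-host-key"),
]) + "\n"

if __name__ == "__main__":
    new_text, removed = remove_host(SAMPLE, "192.168.1.142")
    for no, key_type, fp in removed:
        print("removed line %d: %s %s" % (no, key_type, fp))
    print(new_text, end="")
```

The fingerprints it reports belong to the removed (old) keys; the fingerprint shown in the first-connection prompt is the new key's and is the one to check against the device.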

Reference

  1. nixCraft: Mac OS X: Delete SSH Keys Using Terminal Command Line
  2. Reinstall Synology DSM
  3. Synology: DSM
  4. Wiki: OS X
  5. Wiki: OS X El Capitan
  6. Wiki: Secure Shell
  7. Wiki: Terminal (OS X)

One thought on “How to Remove Unwanted SSH Keys”

  1. FWIW IMO the easiest way to remove keys via the commandline is:

    ssh-keygen -R hostname [-f known_hosts_file]

    E.g. in your example:

    ssh-keygen -R 192.168.1.142

    or alternatively:

    ssh-keygen -R ecdsa-sha2-nistp256

    I’ve never needed to use the -f switch to explicitly state the file, but I’m on Debian YMMV. Although the default path to the known_hosts file is the same as OSX ($HOME/.ssh/known_hosts) so it might work…
