Ssh – Wiped out the known_hosts file on the server machine. Is it safe

amazon ec2known-hostsssh

I am fairly new to managing my production server and I had some problems accessing my EC2 account with the RSA HOst key for xxx has changed message. I read on a couple of Blogs that by simply deleting the known_hosts in the /root/.ssh/ folder the system would automatially generate the keys the next time i attempt to log in.

Now I deleted the file while I was logged in as Root and the file does not seem to appear. Is there something I need to do. Im not fully aware of what the known_hosts file does. From what I read it maintains key pairs identifying hosts connecting from remote machines. I appreciate any help on if I need to do something to recover that file or is it safe?

Best Answer

It should create a new one automatically. You can always just touch a new one and then set permissions/ownership as needed (based off another one perhaps). I usually just remove the entries from known_hosts that are wrong and not whack the whole file.

Oh, and this belongs on SuperUser... :-)

Related Solutions

How to Remove Strict RSA Key Checking in SSH and Understand the Issues

Please don't delete the entire known_hosts file as recommended by some people, this totally voids the point of the warning. It's a security feature to warn you that a man in the middle attack may have happened.

I suggest you identify why it thinks something has changed, most likely an SSH upgrade altered the encryption keys due to a possible security hole. You can then purge that specific line from your known_hosts file:

sed -i 377d ~/.ssh/known_hosts

This deletes line 377 as shown after the colon in the warning:

/home/emerson/.ssh/known_hosts:377

Alternatively you can remove the relevant key by doing the following

ssh-keygen -R 127.0.0.1 (obviously replace with the server's IP)

Please DO NOT purge the entire file and ensure this is actually the machine you want to be connecting to prior to purging the specific key.

Ssh – Generating SSHFP record from OpenSSH known_hosts file entry

ssh-keygen(1) doesn't behave the same way as sshfp(1).

You'll note from the man page that the syntax is:

ssh-keygen -r hostname [-f input_keyfile] [-g]

So the file should be an input_keyfile rather than a known_hosts_file. If you don't specify then it will default to the server's local keys of /etc/ssh/ssh_host_rsa_key.pub and /etc/ssh/ssh_host_dsa_key.pub.

You can either generate the record from each server that you wish to create SSHFP records for with ssh-keygen. Or source sshfp and create them all from one known_hosts file.

Best Answer

Related Solutions

How to Remove Strict RSA Key Checking in SSH and Understand the Issues

Ssh – Generating SSHFP record from OpenSSH known_hosts file entry

Related Topic