#

SSH key error, DNS spoofing message

Whenever nodes are updated (for instance, the May 2018 upgrade to CentOS 7), if there is a significant change to them then the SSH key fingerprint is likely to change. As you've already stored the fingerprint locally, you will receive a key mismatch error like "WARNING: POSSIBLE DNS SPOOFING DETECTED!" and "The RSA host key for login.rc.fas.harvard.edu has changed". 

Mac/Linux

To fix this, you will need to remove the key in question from your computer's local known_hosts file. If you are on a Mac or Linux, you can use the following command from a terminal window on your computer.

ssh-keygen -R login.rc.fas.harvard.edu

If the error was for a specific node, replace 'login.rc.fas.harvard.edu' with the full name of that host.

You can now log into the node and will receive an all new request to store the new SSH key.

The example in the screenshot above assumes that your username on your local machine (jharvard, in this case) matches your Odyssey account username. If this is not the case, you will have to login with your username, explicitly, such as: ssh jharvard@login.rc.fas.harvard.edu

Please note that there are several nodes behind the 'login.rc.fas.harvard.edu' hostname, so you may receive more errors like the above. Answering yes will allow you to continue.

Alternately, if you primarily only interact with the Odyssey cluster, you may find it easiest to simply remove the known_hosts file and let it be created from scratch at next login. Mac and Linux users can do so from a terminal on their computer with the following command:

rm ~/.ssh/known_hosts

 

Windows/PuTTY

PuTTY may prompt you to update the key in place, or it may require updating a registry entry to correct this. If the latter, you will need to remove the known_hosts from the registry:

  1. Open ‘regedit.exe’ by doing a search  or by pressing the "Windows Key + R" and type "regedit" and hitting enter or try opening C:\Windows\System32\regedt32.exe
  2. Find HKEY_CURRENT_USER\Software\[your username here]\PuTTY\SshHostKeys
  3. Remove all keys or find and delete the individual key you need to remove
  4. Restart your computer, changes won't take effect until after a restart.

Posted in: a. Login and Authentication

CC BY-NC 4.0 This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. Permissions beyond the scope of this license may be available at Attribution.