All geek questions in one place

Host Key Verification Error - Amazon EC2

I work with win 7 and git bash, as well as with an Amazon EC2 instance. I tried to enter my instance:

$ ssh -if:mykey.pem ubuntu@ec2-52-10- **-**.us-west-2.compute.amazonaws.com @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is 71:00:d7:d8:a------------------26. Please contact your system administrator. Add correct host key in /m/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /m/.ssh/known_hosts:27 ECDSA host key for ec2-52-10-**-**.us-west-2.compute.amazonaws.com has changed and you have request ed strict checking. Host key verification failed.

Logging in, as in the past, worked fine, but this problem started after rebooting my EC2 instance. How can I start this work again?

edit:

 $ ssh -if:tproxy.pem ubuntu@ec2-52-10- **-**.us-west-2.compute.amazonaws.com ssh: connect to host ec2-52-10-**-**.us-west-2.compute.amazonaws.com port 22: Bad file number

enter image description here

tried again:

 The authenticity of host 'ec2-52-10-**-**.us-west-2.compute.amazonaws.com (52.10.**-**)' can't be established. ECDSA key fingerprint is d6:c4:88:-----------fd:65. Are you sure you want to continue connecting (yes/no)? y Please type 'yes' or 'no': yes Warning: Permanently added 'ec2-52-10-**-**.us-west-2.compute.amazonaws.com,52.10.**-**' (ECDSA) t o the list of known hosts. Permission denied (publickey).

What should I do now?

+8
source share
4 answers

The host name has a new ssh key, so ssh reports that something has changed. Hint:

 Offending ECDSA key in /m/.ssh/known_hosts:27

If you are sure that the server on the other hand is authentic, you should delete line 27 in /m/.ssh/known_hosts .

+7
source

This error says that something has changed since you last logged into this server and that the server you are trying to run ssh on may not be the server that you think is .

One thing to know about ... When you create an EC2 instance, There is no fixed IP assigned to this instance .
When you run this instance, it will get the (dynamic) IP number and DNS name, which will be based on this IP address.
If you close the instance and start it after a few hours, it can get a new IP address and a new DNS name .

If you are still trying to access the old DNS name / IP , you are actually trying to access a server that may not belong to you.
This will end with the same msg error you have.
(This may happen because you pointed the DNS record to the old IP address or you are using scripts trying to access the old DNS name / IP address, or just repeat the ssh command from your history ...)

If so, the solution should use Elastic IP .
You can assign Elastic IP to your server, and this will force it to maintain its IP address between reboots.

The elastic IP address is free while your (connected) server is down.
But it will cost you a small fee if the connected server is down.
This is to ensure that you do not β€œreserve” IP until you use / need it.

+5
source

In the BeanStalk environment, the problem is that it refers to the key from known_hosts for the corresponding IP. But that has changed. Thus, using the same key will not work.

Removing the IP key from ~/.ssh/known_hosts and then connecting via ssh will work.

(As a rule, when there is no entry in ~/.ssh/known_hosts it will create a new one and thus resolve the conflict)

+1
source

add "sudo" before your requests. This solved my problem.

0
source

Source: https://habr.com/ru/post/983925/

More articles:


All Articles