How to reset host authentication key for known_hosts?

[gab]

My Linux server recently changed RSA key and I'm now getting this when trying to connect to it via Secure Shell on Chrome OS:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

a1::a1::a1::a1::a1::a1::...

Please contact your system administrator.

Add correct host key in /.ssh/known_hosts to get rid of this message.

Offending RSA key in /.ssh/known_hosts:1

RSA host key for foo.bar has changed and you have requested strict checking.

Host key verification failed.

NaCl plugin exited with status code 255.

(R)econnect, (C)hoose another connection, or E(x)it?

I know this is the just the host which changed it's key yet I can't find a way to delete the known_hosts entry for this host...

Thanks,

Gab

[Robert Ginda]

From https://github.com/libapps/libapps-mirror/blob/master/nassh/doc/faq.txt#L460:

  If you know the index of the offending host entry (it's usually reported
  by ssh if the connection fails) you can open the JavaScript console and

  type...

     term_.command.removeKnownHostByIndex(index)


  Replace index with the numeric, one-based host index.



  If you don't know the index, or you'd like to clear all known hosts,

  type...

     term_.command.removeAllKnownHosts()

--
You received this message because you are subscribed to the Google Groups "chromium-hterm" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/46c49ef6-82c3-4134-a57c-9badb947b638%40chromium.org.

[gab]

That did it!

Note that you have to run this inside the Javascript console (Chrome Menu => Tools => Javascript Console) of the Secure Shell app itself (this wasn't obvious to me at first).

Thanks!

Gab

[Georgie Orman]

I am having a similar problem.

[Mike Frysinger]

see the documented FAQ: http://goo.gl/3i5AJ

> How do I remove a known host fingerprint (aka known_hosts) entry?

-mike

--

You received this message because you are subscribed to the Google Groups "chromium-hterm" group.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/78035878-ae5b-4122-9252-6c90a41b704f%40chromium.org.

[Robert Ginda]

Have you tried a similar solution?

--

You received this message because you are subscribed to the Google Groups "chromium-hterm" group.

[kal...@gmail.com]

I have a similar problem but I dont know how to open the JavaScript console to type in the suggested command.  The console only gives me the choice to Reconnect, Choose another connection or to Exit  I can never get a command prompt!  What do I need to do to open the JavaScript console so I can enter the suggested command.

[William Wraith IV]

If you are using "Secure Shell" launched with "open as window" in its own window, you can type the shortcut, ctrl-shift-J, to launch the Java Console (I think the cursor needs to be focused in the "Secure Shell" window when you type ctrl-shift-J). This will launch a window with the Javascript console where you can execute configuration statements such as the ones quoted below.

[wybi...@gmail.com]

The instructions above were'nt too clear.

1. Load up your secure shell.
   
2. Attempt to connect to your remote host (this step may not be necessary, but it doesn't hurt)
3. Press <ctrl>+<shift>+j to bring up the javascript console.
4. Type term_.command.removeAllKnownHosts()
5. Reconnect to host

[sad...@gmail.com]

i have the same problem, i've tried that command on javascript console, but i get this message :

ReferrenceError: term_ is not defined

please help

[Weng Leong]

@sad301: Did you ensure your focus is on the secure shell window when opening the JS console? See bwraith's comment also.

--

You received this message because you are subscribed to the Google Groups "chromium-hterm" group.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/f50549c7-694f-456d-8ebf-a57760f804a5%40chromium.org.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-hter...@chromium.org.

[gr...@heier.com]

The better question here is how do you disable host verification? I have multiple images for a machine and every time I change image I have this problem. I also have multiple networks the chromebook is used on and if I connect to the same IP (which is an entirely different machine since we are talking about a different network here) I have the same issue. I hate to have to clear the known hosts every single time I connect. I haven't been able to find anything on how to disable - or if it can even be disabled. Just this workaround which requires clearing the known hosts all the time.

[Mike Frysinger]

it's an ssh client, so if you want to know what options are available, consult the `man ssh_config` page.  then stick whatever settings you want onto the command line.

-mike

--

You received this message because you are subscribed to the Google Groups "chromium-hterm" group.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/b65e0b7c-1e79-470f-9d1e-b2a052f18e05%40chromium.org.

[gr...@heier.com]

 I have tried -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no which seems to be the generally recommended way to do it and that crashes the chrome SSH client.

[Steve Garf]

Meant to reply to the list..

On Wed, Aug 12, 2015 at 8:14 PM, Steve Garf <stg...@gmail.com> wrote:

I though, for sure, that it'd honor "-o StrictHostKeyChecking=no":

​

But surprisingly:

​

And further... adding "-o UserKnownHostsFile=/dev/null" seemed to cause SecureShell to hang...

[Mike Frysinger]

the behavior you describe is how ssh itself works.  on my Linux system:

$ ssh -o StrictHostKeyChecking=no localhost

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.

Password: ^C

$ ssh -o StrictHostKeyChecking=no localhost

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.

Password: ^C

$ grep -c localhost ~/.ssh/known_hosts 

0

-mike

--

You received this message because you are subscribed to the Google Groups "chromium-hterm" group.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/CAASY7xBjugK0D0Rg5LNzyEOAC%2B_xHMWxwcv6SfNQGMOirLiXFA%40mail.gmail.com.

[Steve Garf]

Well what's this then? I just regenerated my ssh servers host keys.

Look, I just did it again! Check the fingerprint.

Oh gee! Maybe third try's the charm?

[Mike Frysinger]

again, that behavior comes from ssh.  please check your behavior against the canonical implementation before SecureShell.

$ ssh localhost

<login>

<change the key in ~/.ssh/known_hosts>

$ ssh -o StrictHostKeyChecking=no localhost

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

...

-mike

[gr...@heier.com]

I think the issue is that this is needed and does not work in this implementation (presumably because of the /dev/null): -o UserKnownHostsFile=/dev/null
What is the alternative to this?

[Steve Garf]

Right.. I understand that.

SecureShell is however ignoring "-o UserKnownHostsFile=/dev/null" and causes SecureShell to hang.. So, what I'm saying is.. short of clearing out the known hosts file every time we connect to "short-lived" hosts, what do you propose?

[Mike Frysinger]

it's not crashing it ... the NaCl env looks to be hanging when it tries to use the pseudo /dev/null.  if you pick a bogus path like /dev/f, that seems to do the trick.

not sure if updating the NaCl toolchain used to build ssh would help.  would require more debugging to figure out what's going wrong.

-mike

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/5e38811d-3b57-4e7a-954a-3950ef8f16e7%40chromium.org.

[Steve Garf]

On Wed, Aug 12, 2015 at 9:15 PM, Mike Frysinger <vap...@chromium.org> wrote:

if you pick a bogus path like /dev/f, that seems to do the trick.

We have a winner! Excellent, thanks

"Failed to add the host to the list of known hosts (/dev/blah)."

[ric...@bucker.net]

There are a few missing steps.... (a) this works with ChromeOS...

I have my terminal program opening in a new window by default and since it's ChromeOS I cannot inspect the window.

- open a new window but make sure it open in the browser

- then right click and click on inspect element in the context menu

- then use the commands below

If you try inspect element on a regular window you will not have access to term_

[ludovic....@gmail.com]

Works perfectly, thanks !

you need to copy and paste the id printed on error message like :

term_.command.removeKnownHostByIndex('10:a5:a3:13:3a:65:a7:77:88:2c:07:26:62:58:49:e0')

Don't forget the ' 

in developer tools > console

term_.command.removeKnownHostByIndex('copy_paste_your_id_here')

[Robert Ginda]

That method takes a numeric index, not a string.  You should pass the index of the key as reported in the error message.  For example if your connection fails with "Offending key in /.ssh/known_hosts: 2", you should call term_.command.removeKnownHostByIndex(2).

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/117110b4-721c-4d1f-b515-74a6fe8289b1%40chromium.org.

[christi...@fraction.io]

It looks like `term_` is defined as an object, but `term_.command` is undefined. Has this property moved? Thanks!

[ovidiu...@3ziele.de]

For me working the following solution:

insert into SSH Arguments: -o StrictHostKeyChecking=no -o UserKnownHostsFile=~/

This working for me ;)

[mfoc...@phm.k12.in.us]

If any of you looking at this are using a manged chromebook, and have the javascript console locked down like me, you can uninstall and reinstall the app to solve the issue.  This removes everything, so use it with caution.

[germa...@googlemail.com]

epic you are a savoir.

[rich...@gmail.com]

[rich...@gmail.com]

I'm trying to reset the keys after changing the network on my server from Ethernet to WiFi. I'm using the Secure Shell SSH terminal for the the Chromebook. I could not get any of the command syntax from this thread to work. I just finally did a Chromebook Powerwash, which worked.

[Gregory Dillon]

this is one of the frequently asked questions.  you open the console, and give a command to forget

term_.command.removeKnownHostByIndex(2)

#where (2) is the number in the line above, “

or (1) in your case

see also

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-hterm/XZtSm6P0acw

--

You received this message because you are subscribed to the Google Groups "chromium-hterm" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-hterm+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/7df689a5-f879-44f2-860d-31ce73f15531%40chromium.org.

--

Let's stay in touch.  Greg

This message may contain confidential information that may also be privileged. Unless you are the intended recipient or are authorized to received information for the intended recipient, you may not use, copy, or disclose the message in whole or in part. If you have received this message in error, please advise the sender by reply email and delete all copies of the message. Thank you.

[cra...@gmail.com]

Remove all known hosts info.

1. open Chrome ssh host select page.

2. press F12

3. typing below in the console.

term_.command.removeAllKnownHosts()

2014년 4월 16일 수요일 오전 12시 43분 40초 UTC+9, gab 님의 말:

[messinga...@gmail.com]

I had reinstalled Raspian on a PI3 and caused the same issue. It was a new SSH install but with the same IP. 

This worked for me. 

term_.command.removeAllKnownHosts() Response from console was "true".

Thanks for the solutions.

On Tuesday, April 15, 2014 at 11:43:40 AM UTC-4, gab wrote:

[sander....@gmail.com]

On my Chromebook, I did this to solve "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!  " (after re-installing Ubuntu which I was trying to access)

Within the tab running the SSH client:

Click on the Three dots in the upper right corner (Customize and control Google Chrome) and then select More Tools > Developer Tools.

Click on Console, and in there:

term_.command.removeAllKnownHosts()

The console will then say "true". Done.

[Tim Hughes]

This no longer works.

The error message is "Uncaught TypeError: term_.command.removeAllKnownHosts is not a function"

SAme for removeKnownHostsbyindex

How do we do this now?

[Mike Frysinger]

please see the FAQ:
https://chromium.googlesource.com/apps/libapps/+/HEAD/nassh/doc/FAQ.md#How-do-I-remove-a-known-host-fingerprint-aka-known_hosts_entry

-mike

--
You received this message because you are subscribed to the Google Groups "chromium-hterm" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-hter...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/d9afcd2c-11a2-464b-9144-17ec0aec51efn%40chromium.org.

[Tim Hughes]

Thanks Mike  it took a while to see which console was what and where but got there in the end.