SSH Connecting to Server Fails

Communication with the School of Computing servers via the Secure Shell (ssh) protocol can occasionally fail due to configuration changes.  The Secure Shell protocol uses shared public keys to verify connection to systems, and a mismatching key on either side of the connection can cause your ssh command to fail.

An example of a ssh command failure:

cse$ ssh jdoe2@cse-linux-01.unl.edu
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:T5kekqZiuyhZ0vf74IpeN92Ll48p/0qoVfL1Y8Q1fow.
Please contact your system administrator.
Add correct host key in /Users/johndoe/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/johndoe/.ssh/known_hosts:28
Host key for cse-linux-01.unl.edu has changed and you have requested strict checking.
Host key verification failed.
cse$ 

The example indicates that the host key for the cse-linux-01.unl.edu server has changed.  Servers receive their host key from their internet service provider, and changes to host names or expiration of host keys will result in a new host key being issued.

To fix this problem, the clue is already present in the output; notice the line Offending ECDSA key in /Users/johndoe/.ssh/known_hosts:28. The message indicates the problem exists on your local system, in this case a Macbook pro, within the directory (folder) /Users/johndoe/.ssh where the known_hosts file has a line specific to the cse-linux-01 server. The fix is as easy as editing /Users/johndoe/.ssh/known_hosts and removing line 28. Now when you try the ssh jdoe2@cse-linux-01.unl.edu command, you will be prompted to accept a new host key, and once you accept the key you can then enter the password for the account.

Active: 
Yes
FAQ Priority: 
5.00
FAQ Category: 
Account and General Issues