Ask Your Question

Error while connecting to Fedora People through SSH

asked 2014-01-11 11:14:48 -0500

I already uploaded my RSA public key, but it prints out this:

eduardo@localhost ~$ ssh

The RSA host key for has changed,
and the key for the corresponding IP address
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/eduardo/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/eduardo/.ssh/known_hosts:4
RSA host key for has changed and you have requested strict checking.
Host key verification failed.

Why does this happen?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2014-01-11 20:10:44 -0500

updated 2014-01-11 20:14:08 -0500

A couple possibilities here:

  1. Your DNS resolver is compromised, and you are being referred to a site that is not .
  2. Your known hosts file has changed (or been compromised!) and server signatures do not match.
  3. The IP address or domain name of the server has changed, so the records in your ~/.ssh/known_hosts do not match.
  4. The host key of the server has changed. This could be from a reinstall, or because more than one server handles traffic for a given domain.

In this situation, you are trying to connect to . Without a subdomain, your DNS request is probably going to be resolved to one of many caching proxies, by design. To get around the message, you could disable strict checking for this host in ~/.ssh/config. Alternatively, be more specific about the host you are trying to reach. Don't confuse with

To compare fingerprints, you can use ssh-geygen -l -F to list the fingerprint of the key in ~/.ssh/known-hosts and compare to the one SSH reports when you try to connect. If the fingerprints match, you can be more confident that you are reaching the same machine at a different IP.

edit flag offensive delete link more



Shouldn't he be trying to ssh into fedorapeople? I wasn't aware that we could ssh into

FranciscoD_ gravatar imageFranciscoD_ ( 2014-01-12 02:45:35 -0500 )edit

@FranciscoD_ Yes, that is the conclusion I was hoping he would reach after reading my answer.

randomuser gravatar imagerandomuser ( 2014-01-12 11:59:27 -0500 )edit

@randomuser silly me! I was trying to connect using the wrong domain. Thanks anyway.

mayorga gravatar imagemayorga ( 2014-01-13 12:09:43 -0500 )edit

What to do about that message is still a good question, @mayorga :)

randomuser gravatar imagerandomuser ( 2014-01-16 00:35:24 -0500 )edit

Thanks, I forgot that and fedoraproject are different.

alyaj2a gravatar imagealyaj2a ( 2017-03-12 23:50:50 -0500 )edit

answered 2014-01-11 11:37:57 -0500

Marc lml gravatar image

The key for is stored in ~/.ssh/known_hosts as a security feature to prevent DNS spoofing. Because the IP-address changed this key is no longer valid. You can edit ~/.ssh/known_hosts and remove the rule for With the first connection you will be asked if you trust this connection and it will automatically be added again.

edit flag offensive delete link more


Deleting the known_hosts entry is probably fine for a LAN, but you should verify that you aren't actually compromised. We are shown these warnings for a reason.

randomuser gravatar imagerandomuser ( 2014-01-11 20:13:03 -0500 )edit

Question Tools


Asked: 2014-01-11 11:14:48 -0500

Seen: 789 times

Last updated: Jan 11 '14