If you use DreamHost’s VPS service you may have recently had your host server upgraded to Debian OS v6.0.2. Or maybe you’re dealing with Proactive Security Maintenance (New Login Keys).
This happened mostly through the month of August 2011 and recently in October 2012.
One of the side effects of this was that the RSA host key changed for the server. Most folks won’t notice this but if you’ve used SSH to access the server you’re probably getting the warning message below. (I changed RSA key, username and domain name to generic names in the example below.)
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1.
Please contact your system administrator.
Add correct host key in /Users/username/.ssh/known_hosts to get rid of this message.
Offending key in /Users/username/.ssh/known_hosts:10
RSA host key for yourdomain.com has changed and you have requested strict checking.
Host key verification failed.
lost connection
And now you’re bumming out because you don’t know how to get past this and you need to SSH in. Here’s the solution below. Note: Contact DreamHost first to make sure the problem is with your server RSA key change and not some man-in-the-middle attack.
Macintosh OS X (You will also need a good Unix type text editor like TextWrangler or BBEdit):
Your Mac saves the host keys within a hidden folder called ‘.ssh’. Note that the period in front of the filename hides the folder from the normal Mac user since there’s important stuff in there and you can get into real trouble if you mess with the files. Well, to fix this we’re going to mess with one of those files.
In the examples below don’t type in the quote marks and the upper-case is just for emphasis.
- In Finder press COMMAND-SHIFT-G
This will bring up the ‘go to folder’ dialog box.
- Type in ‘~/.ssh/’ and hit RETURN
This will reveal the hidden folder.
- Find the file ‘known_hosts’
Open this file ‘known_hosts’ with a plain text editor like TextWrangler, which is free. Don’t open it with Pages or Microsoft Word or you will screw up the file with all kinds of garbage characters. TextWrangler is an excellent text editor for Mac OS X when all you need is a good old plain Unix type editor. Click on the app’s name above to download it if you don’t already have it.
- Make sure you have ‘Soft Wrap Text’ turned off in TextWrangler so it’s only one host per line. (see figure 1)
- Look for your domain name that’s part of your SSH login in the file. So if your login is ‘ssh username@yourdomain.com’ you will want to look for the line with the domain ‘yourdomain.com’ (see figure 2)
- Now delete that line with your host name in it.
- Save the file ‘known_hosts’ by hitting COMMAND-S or going to File>Save and close it.
Now you should be able to SSH into your server without the warning. Actually you will get a new warning when you log in saying:
The authenticity of host ‘yourdomain.com (18.104.22.168)’ can’t be established.
RSA key fingerprint is x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1:x1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘yourdomain.com,22.214.171.124’ (RSA) to the list of known hosts.
You can verify that it’s now working properly if you open ‘known_hosts’ again and find your server at the bottom of the list.
You should be good from here.
I don’t really use Windows much so you can find some info here:
Unix, Linux and Cygwin:
Yeah, if you’re using one of these operating systems you probably don’t even need this tutorial. But it’s similar to the Mac tutorial if that’s any hint. Or you can hit the link above for Windows and cruise that page for some info. Or you can go here.
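The known_hosts edit from the Mac steps, written as a script and added here as an example (it is not part of the original tutorial): it removes every key line for a host, including hashed entries that a text search for the domain would miss, and reports each removed line's number and MD5 fingerprint so you can match them against the "Offending key" line in the warning. The sample file and its placeholder keys are constructed, and wildcard host patterns are not handled.

```python
import base64, hashlib, hmac

def fingerprint_md5(key_b64):
    """MD5 fingerprint of a base64 key blob, in the aa:bb:... form ssh prints above."""
    digest = hashlib.md5(base64.b64decode(key_b64), usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def names_host(hosts_field, host):
    """True if the first field of a known_hosts line names `host` (plain or hashed)."""
    if hosts_field.startswith("|1|"):                 # HashKnownHosts form: |1|salt|hmac
        _, _, salt, mac = hosts_field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in hosts_field.split(",")             # e.g. "yourdomain.com,192.0.2.10"

def remove_host(text, host):
    """Drop every key line for `host`; return (new_text, [(line_no, key_type, md5_fp)])."""
    kept, removed = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Keep blanks, comments and @cert-authority/@revoked marker lines untouched.
        is_key_line = len(fields) >= 3 and fields[0][0] not in "#@"
        if is_key_line and names_host(fields[0], host):
            removed.append((line_no, fields[1], fingerprint_md5(fields[2])))
        else:
            kept.append(line)
    return "".join(l + "\n" for l in kept), removed

# --- constructed sample data: the "keys" are placeholder bytes, not real host keys ---
def _b64(raw):
    return base64.b64encode(raw).decode()

_SALT = b"constructed-salt-xyz"
_HASHED = "|1|%s|%s" % (_b64(_SALT), _b64(hmac.new(_SALT, b"yourdomain.com", hashlib.sha1).digest()))
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "other.example.net ssh-rsa " + _b64(b"placeholder-key-1"),
    "yourdomain.com,192.0.2.10 ssh-rsa " + _b64(b"placeholder-key-2"),
    _HASHED + " ssh-rsa " + _b64(b"placeholder-key-3"),
]) + "\n"

if __name__ == "__main__":
    new_text, removed = remove_host(SAMPLE, "yourdomain.com")
    for line_no, key_type, fp in removed:
        print("removing line %d (%s) fingerprint %s" % (line_no, key_type, fp))
    print(new_text, end="")
```

Stock OpenSSH does the same removal with `ssh-keygen -R yourdomain.com`.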
3 replies on “How to fix SSH login problems with your Dreamhost VPS”
Thank you so much. A total stranger is grateful to you. You helped me solve a problem that seems very important in my own little world. :-)
No problem. These things can be tricky if you're not a gearhead that does this all the time. Which is why I wrote the tutorial so I don't have to figure-out how to do this again. So the tutorial is for me too. :)
Thank you so much! You saved my life.