SSH key error, DNS spoofing message
Whenever nodes are updated (for instance, the May 2018 upgrade to CentOS 7), if there is a significant change to them then the SSH key fingerprint is likely to change. As you’ve already stored the fingerprint locally, you will receive a key mismatch error like “WARNING: POSSIBLE DNS SPOOFING DETECTED!” and “The RSA host key for login.rc.fas.harvard.edu has changed”.
To fix this, you will need to remove the key in question from your computer’s local known_hosts file. If you are on a Mac or Linux, you can use the following command from a terminal window on your computer.
ssh-keygen -R login.rc.fas.harvard.edu
If the error was for a specific node, replace ‘login.rc.fas.harvard.edu’ with the full name of that host.
You can now log into the node and will receive an all new request to store the new SSH key.
The example in the screenshot above assumes that your username on your local machine (jharvard, in this case) matches your cluster account username. If this is not the case, you will have to login with your username, explicitly, such as:
Please note that there are several nodes behind the ‘login.rc.fas.harvard.edu’ hostname, so you may receive more errors like the above. Answering yes will allow you to continue.
Alternately, if you primarily only interact with the cluster, you may find it easiest to simply remove the known_hosts file and let it be created from scratch at next login. Mac and Linux users can do so from a terminal on their computer with the following command:
PuTTY may prompt you to update the key in place, or it may require updating a registry entry to correct this. If the latter, you will need to remove the known_hosts from the registry:
- Open ‘regedit.exe’ by doing a search or by pressing the “Windows Key + R” and type “regedit” and hitting enter or try opening C:\Windows\System32\regedt32.exe
HKEY_CURRENT_USER\Software\[your username here]\PuTTY\SshHostKeys
- Remove all keys or find and delete the individual key you need to remove
- Restart your computer, changes won’t take effect until after a restart.