5
votes

I recently changed server and as a consequence, I have a new IP address. When I try to use git fetch [remote repository], I get this:

C:\Users[path]\app>git fetch [remote repository]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for example.net has changed,
and the key for the corresponding IP address [IP address of new server]
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:ep0A2t+sVMSaIEbS8wt8ptfmdHSr1kNocWsBNab0tsI.
Please contact your system administrator.
Add correct host key in /c/Users/[username]/.ssh/known_hosts to get rid of this message.
Offending RSA key in /c/Users/[username]/.ssh/known_hosts:1
RSA host key for example.net has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
C:\Users[path]\app>

I simply need to obtain a new SSH key from the new server and put it in my local computer to fix this, correct? Thank you.

2 Answers

7
votes

If you actually have a new server and you refer to it with the same name or the same IP as the old one, then it's more than likely that the ssh certificates are not the same and you would get a spoofing warning message for it. In the message you can see that ssh is pointing to the line where the old certificate information is: /c/Users/[username]/.ssh/known_hosts:1. Long story short: if you changed servers, then it's expected that the ssh certificates are not the same. Just remove the line from the ssh known_hosts for the old server (1st line of your file in this case) and you'll be fine.

4
votes

The warning message gives a better explanation here: "The RSA host key for example.net has changed, and the key for the corresponding IP address [IP address of new server] is unknown."

Let's compare two scenarios before you change the IP of example.net (10.0.0.0) and after you change the IP of example.net (10.0.0.1).

Before change: example.net - 10.0.0.0

10.0.0.2>> ssh [email protected]

The host fingerprint of the server 10.0.0.0 is stored in the known hosts file of the server 10.0.0.2.

After change: example.net - 10.0.0.1

10.0.0.2>> ssh [email protected]

Now example.net is pointing to 10.0.0.1, but in the known hosts file example.net still has the host fingerprint of 10.0.0.0. So you get a warning whenever you try to ssh to example.net, because the host key has changed since it's a new server. As far as ssh is concerned, someone else has got access to your DNS and possibly changed the endpoint of the DNS to a wrong server; that's why you are facing the DNS spoofing warning.

To acknowledge it, you need to tell ssh that you are the one who changed it on purpose. For that, just remove the old host key entry from the known_hosts file of server 10.0.0.2 and remove the entry for 10.0.0.0.

Find the fingerprint of a server:

ssh-keygen -F example.net

Remove the fingerprint of a server:

ssh-keygen -R example.net
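
An added example, not part of either answer: before removing the old entry, confirm that the fingerprint printed in the warning really belongs to the new server, and find which known_hosts lines are stale. It assumes you copied the server's host public key line over a trusted channel (for example its console); the function names are hypothetical and the key material is constructed.

```python
import base64, hashlib, hmac, struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss")

def fingerprint(line):
    """SHA256 fingerprint, as ssh prints it, of a public key or known_hosts line."""
    fields = line.split()
    # The base64 key blob is the field right after the key type.
    i = next(n for n, f in enumerate(fields)
             if f in KEY_TYPES or f.startswith("ecdsa-sha2-"))
    digest = hashlib.sha256(base64.b64decode(fields[i + 1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def warning_matches_server(warning_fp, trusted_pubkey_line):
    """True if the fingerprint ssh printed is the key read from the server itself."""
    return hmac.compare_digest(fingerprint(trusted_pubkey_line), warning_fp)

def stale_lines(known_hosts_text, host, trusted_fp):
    """1-based line numbers of plain (unhashed) entries for host with another key."""
    stale = []
    for number, line in enumerate(known_hosts_text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith(("#", "|1|")):
            continue  # blank, comment, or hashed host name (not matched here)
        if host in fields[0].split(",") and fingerprint(line) != trusted_fp:
            stale.append(number)
    return stale

def sample_key(modulus):
    """Constructed ssh-rsa blob for the demo; not a usable key."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode()

OLD_KEY = sample_key(b"\x00" + b"\xa1" * 32)   # constructed: key of the retired server
NEW_KEY = sample_key(b"\x00" + b"\xb2" * 32)   # constructed: key read on the new server
KNOWN_HOSTS = "example.net,10.0.0.0 " + OLD_KEY + "\n"

if __name__ == "__main__":
    shown = fingerprint(NEW_KEY)  # stands in for the fingerprint in the warning
    if warning_matches_server(shown, NEW_KEY):
        print("remove line(s)", stale_lines(KNOWN_HOSTS, "example.net", shown),
              "then reconnect and accept", shown)
```

If the fingerprints do not match, leave known_hosts alone and treat the warning as genuine until the mismatch is explained.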