2

We want to cause the status from a remote Linux machine to return

"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r",
"@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\r",
"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r",

when we ssh to it, so we changed the one of the characters of the public key in the local /root/.ssh/known_hosts file ( beta machine ) in order to force this error to occur.

But this did not happen.

When we ssh to the remote machine from beta machine as

ssh alpha1

we gained access to the remote machine, but did not get the error:

"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r",
"@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\r",
"@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r",

How do we simulate this scenario and force this error to occur?

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
shalom
  • 451
  • 12
  • 26
  • You already did. Or I wasn't able to understand what was the goal. – 178024 Aug 27 '19 at 19:17
  • the goal is to get the massage WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! , and this not access me to the remote host – shalom Aug 27 '19 at 19:18
  • I'm surely not being able to understand your english, but if you make your sentences extremely verbose I might understand you better (yet completely the opposite might happen). – 178024 Aug 27 '19 at 19:21
  • what I am try to do is only for simulation and testing - like re-install new remote machine , , but I not want to reinstall the remote machine , so by this way I get identification change , and cannot access by ssh – shalom Aug 27 '19 at 19:24
  • What is the format of your known_host? Is everything hashed and in base64? – To마SE Aug 27 '19 at 19:26
  • yes every thing there is hashed – shalom Aug 27 '19 at 19:26
  • dear all - is it something that cant be achieved ? – shalom Aug 27 '19 at 19:35
  • 2
    Uninformed guess, but perhaps you need to restart ssh-agent after changing the entry? – Harry Johnston Aug 27 '19 at 19:55

2 Answers2

2

Keep the first token (the IP address and port) and replace the rest with that from some other hosts's fingerprint in the same file.

Just tested it and it does indeed get me the error you're looking for.

  • This is a nice answer!. once I tried to change some characters in the fingerprint and it didn't. this hack worked like charm – Jabir Ali Feb 04 '22 at 12:55
1

Note, I haven't tested this, but it should work.

To trigger the warning (WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!) you could change priv/pub key pair server side as well, that has the added benefit you only need to do configuration change on a single host, and the change will apply to all connecting clients, whereas if you only make config edits clientside for known hosts (/home/user/.ssh/known_hosts), you need to do it on every client you want to display the warning on.

On the server in /etc/ssh/sshd_config you find an entry like

HostKey /etc/ssh/ssh_host_ed25519_key

Generate a new keypair on the server to replace the old:

sudo ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519

The key is most likely loaded fresh on the server for every client connecting, if not, restart the sshd.

See sshd_config documentation about HostKey

Quote:

Specifies a file containing a private host key used by SSH. It is possible to have multiple host key files. The default is /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for SSH protocol version 2.

NordicViking
  • 251
  • 2
  • 4