IMHO It's not a good idea (see below).
The following command will remove the offending key of your host from the known_hosts
ssh-keygen -R <host>
e.g. ssh-keygen -R my_old_client
Why this is not a good idea can be argued from man ssh
(searching down you can read):
Additionally, the server must be able to verify the client's host key (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts, below) for login to be permitted. This authentication method closes security holes due to IP spoofing, DNS spoofing, and routing spoofing. [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are inherently
insecure and should be disabled if security is desired.]
Some words more: if ssh
prompt you that the machine key it is changed usually it is because you reinstalled ssh on that machine, or maybe you forced a rebuild of the keys. However it's not anymore the ssh key that was used last time... it can be another computer that try to take that identity. If you are sure it's the same computer you can remove / update the offending key and go ahead.
Always from man ssh
about how does it works:
ssh automatically maintains and checks a database containing identification for all hosts it has ever been used with.
Host keys are stored in ~/.ssh/known_hosts in the user's home directory. Additionally, the file /etc/ssh/ssh_known_hosts
is automatically checked for known hosts. Any new hosts are automatically added to the user's file. If a host's identification ever changes, ssh warns about this and disables password authentication to
prevent server spoofing or man-in-the-middle attacks, which could otherwise be used to circumvent the encryption.
The StrictHostKeyChecking option can be used to control logins to machines whose host key is not known or has changed.
from man ss i not see they wrote known_host – maihabunash – 2015-02-13T13:02:44.837
is it better to do StrictHostKeyChecking no in ssh config? – maihabunash – 2015-02-13T13:04:40.603
People usually do not reinstall
ssh
purging the key so often. If you correct one time the problem when it happens you will not face this problem again (at least for a long while) and you will not compromise the security. Updated answer – Hastur – 2015-02-13T13:13:12.157StrictHostKeyChecking no and UserKnownHostsFile /dev/null will do the job , what you think? with this conf the file will stay empty – maihabunash – 2015-02-13T13:23:28.170