Mac OS X Server 10: Unable to Connect to Server Using ssh After Erase/Reinstallation
An Administrator may not be able to connect to the server using ssh after the server software has been reinstalled due to hard drive replacement or for another reason.
Products Affected
Mac OS X Server 10.3, Mac OS X Server, Mac OS X 10.0
Symptom
The administrator can no longer administer the server remotely using ssh, and receives warnings about a possible attack. In the warning, the administrator sees reference to the RSA key no longer matching. The warning text also includes these lines:
Solution
This is normal behavior and is to be expected. The issue occurs when the RSA key fingerprint on the server and your admin computer no longer match. Follow these steps to correct this issue:
You are now logged in to the server. Your admin computer and the Servers RSA keys now match again.
The administrator can no longer administer the server remotely using ssh, and receives warnings about a possible attack. In the warning, the administrator sees reference to the RSA key no longer matching. The warning text also includes these lines:
- WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
Solution
This is normal behavior and is to be expected. The issue occurs when the RSA key fingerprint on the server and your admin computer no longer match. Follow these steps to correct this issue:
- On the admin computer (Mac OS X client computer), choose Go to Folder from the Finder's Go menu.
- Type in the path name to your home folder adding /.ssh to the end of the path.
example:
/Users/username/.ssh where username is your short name.
- Inside the .ssh folder, open the known_hosts file.
- Locate the Servers IP and or its fully qualified Domain name and delete it and the associated characters.Example:
example.example.com,192.104.192.118 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAutfhNudfF+zZ00dyrU5O7/Y1wYh+khVJTSlNLqFROuvkmsB39Y8/q47cQzdFqRfxsAlirDQKWW2xfr8qAKormuz7fT7so1myuanG24IYPwWmnZdLa3MdQ2zrWDkw672TZUTPBErrZYetej+KnU500mOcvdHjsj0SyPkqVRdPAXs=
Note: These characters can wrap to several lines.
- Save and close the file.
- Log in to the Server via shh. You will see the following message:
The authenticity of host 'example.example.com (192.104.192.118)' can't be established. RSA key fingerprint is (followed by a large Hexadecimal number) Are you sure you want to continue connecting (yes/no)?
- Type yes. You will then see this alert message, followed by a password prompt:
Warning: Permanently added 'example.example.com,192.104.192.118' (RSA) to the list of known hosts.
- Type in your administrator's password.
You are now logged in to the server. Your admin computer and the Servers RSA keys now match again.