On Fri, 2010-05-28 at 09:19 -0400, John A. Sullivan III wrote: > On Fri, 2010-05-28 at 14:45 +0200, François TOURDE wrote: > > Le 14757ième jour après Epoch, > > Dotan Cohen écrivait: > > > > > As I regularly format my test box, I often get stuck SSHing into it, like > > > this: > > > > > > $ ssh u...@domain > > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > > > Someone could be eavesdropping on you right now (man-in-the-middle > > > attack)! > > > It is also possible that the RSA host key has just been changed. > > > The fingerprint for the RSA key sent by the remote host is > > > --:--:--:--:--:--:--:--:--:--:--:--:--:--:--:--:--:--:--:-- > > > Please contact your system administrator. > > > Add correct host key in /home/user/.ssh/known_hosts to get rid of this > > > message. > > > Offending key in /home/user/.ssh/known_hosts:44 > > > RSA host key for domain has changed and you have requested strict > > > checking. > > > Host key verification failed. > > > > > > > > > > > > Now, I need strict checking but I'd like to just remove line 44 from > > > ~/.ssh/known_hosts. Easy to do in VIM, probably even easier to do in > > > sed or awk. But I've been reading sed and awk tutorials for two hours > > > and I cannot figure out how to remove line N from the file without > > > creating a second file. If I'm already going through the hassle of > > > creating then moving a second file then I might as well just edit the > > > file in VIM. > > > > > > Any ideas? > > > > Don't use sed nor awk... > > > > man ssh-keygen say: > > > > -R hostname > > Removes all keys belonging to hostname from a known_hosts > > file. This option is useful to delete hashed > > hosts (see the -H option above). > > > > > Yes, exactly. We use that all the time for similar reasons. One caveat > - if you use a non-standard port (which we regularly do for security > with such a dangerous application), the host must be specified as > [hostname]:port, e.g., ssh-keygen -R [comp1.mycompany.com]:222 > > > I might also mention that this is about the only way to do it if you are using hashed known_hosts files - John
-- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1275052854.3501.9.ca...@localhost
