Updating known hosts
Offending ECDSA key in ~/.ssh/known_hosts:42 ECDSA host key for [edu]:122 has changed and you have requested strict checking. When I log in from termserv to any other servers, ssh asks me to verify the host fingerprint. If I immediately log out and log back in, this happens again.
Mentioned here: gossamer-threads.com/lists/openssh/dev/45349#45349 ssh onto a local network then...It is also possible that a host key has just been changed.The fingerprint for the ECDSA key sent by the remote host is SHA256:se FT9e IOm AZWbfc O9y U1s Xi EYIqcrdi0qttbtm Nm0Io. Add correct host key in ~/.ssh/known_hosts to get rid of this message.The fingerprint for the RSA key sent by the remote host is [...]. Add correct host key in /home/sward/.ssh/known_hosts to get rid of this message.Offending RSA key in /home/sward/.ssh/known_hosts:86 RSA host key for [...] has changed and you have requested strict checking. ") suggests that there should be some way to add the correct host key without removing the old one. Do you have one IP address that floats between distinct hosts or something?They use DHCP on a local network and my router always reused the same IP since the MAC address was the same.
I've solved it by using different domain names in my hosts file: The known_hosts file saves fingerprints by host name so even though it is the same IP address, each unique host name gets a different entry.
yes Bitbucket hosts only allow Git and Mercurial to make SSH connections.
The first time you access Bitbucket using the SSH URL, your SSH client checks to see if the Bitbucket host is a known host.
Enter passphrase for key '/home/me/.ssh/id_rsa': Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-23-generic x86_64) ... strace -o sshtrace ssh localhost write(4, "The authenticity of host 'localh"..., 200) = 200 read(4, "y", 1) = 1 read(4, "e", 1) = 1 read(4, "s", 1) = 1 read(4, "\n", 1) = 1 rt_sigaction(SIGALRM, , NULL, 8) = 0 rt_sigaction(SIGHUP, , NULL, 8) = 0 rt_sigaction(SIGINT, , NULL, 8) = 0 rt_sigaction(SIGQUIT, , NULL, 8) = 0 rt_sigaction(SIGPIPE, , NULL, 8) = 0 rt_sigaction(SIGTERM, , NULL, 8) = 0 rt_sigaction(SIGTSTP, , NULL, 8) = 0 rt_sigaction(SIGTTIN, , NULL, 8) = 0 rt_sigaction(SIGTTOU, , NULL, 8) = 0 close(4) = 0 open("/dev/null", O_WRONLY|O_CREAT|O_APPEND, 0666) = 4 fstat(4, ) = 0 ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7ffff63c12c8) = -1 ENOTTY (Inappropriate ioctl for device) mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc734b64000 fstat(4, ) = 0 lseek(4, 0, SEEK_END) = 0 write(4, "|1|qc JVRUE6Ilxxxxx Bvj Bg Hiiov4/8=|"..., 222) = 222 close(4) = 0 munmap(0x7fc734b64000, 4096) = 0 write(2, "Warning: Permanently added 'loca"..., 76) = 76` Never seen puppet do anything like that. If I didn't want a record of where I connected, that would be one way to do it.
I've tried a search for some of those phrases in the Open SSH web CVS repo, but didn't find it via google site: searching. You might look at your logs for weirdness involving ssh, sudo (to edit ssh_config).
My work on Free BSD AMIs for EC2 has made me even more sensitive to the irritation of host key checking, since building a set of AMIs for the 7 EC2 regions involves launching and SSHing into no less than 20 virtual machines.