1

I've got some large problems with my Ruby on Rails deployment on EY. Support has said I need to SSH in to clear the errors... but I get the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
80:4c:5f:dd:98:bb:cb:01:6c:a9:11:41:29:56:66:86.
Please contact your system administrator.
Add correct host key in /Users/jameshughes/.ssh/known_hosts to get rid of this message.
Offending key in /Users/jameshughes/.ssh/known_hosts:1
RSA host key for ec2-184-73-167-153.compute-1.amazonaws.com has changed and you have requested strict checking.
Host key verification failed.

[Process completed]

How do I add the correct key to the known_hosts file?

womble
  • 12,033
  • 5
  • 52
  • 66
RedCuber
  • 97
  • 1
  • 3
  • 5

3 Answers

11

Open up known_hosts in your favorite text editor, find the entry for "ec2-184-73-167-153.compute-1.amazonaws.com" and delete the entire line. The next time you ssh in, it will add the correct key to the known_hosts file.

Note that this error is for security purposes, so I'm assuming that you know that there is not a "man-in-the-middle" attack going on and that the server key has actually changed. If it has not, there might be something else going on.

jesse reiss
  • 4,509
  • 1
  • 20
  • 19
  • Thanks, so I did that, and now get: The authenticity of host 'ec2-184-73-167-153.compute-1.amazonaws.com (184.73.167.153)' can't be established. RSA key fingerprint is 80:4c:5f:dd:98:bb:cb:01:6c:a9:11:41:29:56:66:86. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ec2-184-73-167-153.compute-1.amazonaws.com,184.73.167.153' (RSA) to the list of known hosts. Permission denied (publickey). [Process completed] – RedCuber Jun 30 '11 at 19:16
  • @RedCuber: If the answer works, upvote it. You now have a new problem ("Permission denied"), so either amend your question or, preferably, submit a new one (since it's a very different problem to the one you had before). – womble Jul 01 '11 at 05:59
  • @womble - I'm a newbie, won't let me vote, otherwise I would have. Relax. – RedCuber Jul 05 '11 at 18:31
  • You can always vote on answers to your own questions. There wouldn't be any point otherwise. – womble Jul 07 '11 at 01:09
  • Also check that the known host is a valid host without slashes or the protocol prefix. – rxgx Apr 16 '12 at 19:11
0

To fix your "Permission denied (public key)" problem, you'll need to add your public key to Engine Yard via the Tools menu, then apply your changes to your environment (by clicking apply).

Hope that helps.

Bill Billingson
  • 353
  • 4
  • 8
-3

Update

Please see @womble's comment below and my reply. As @womble notes, if you use StrictHostKeyChecking no you will be open to man-in-the-middle attacks. I've talked with Engine Yard about this (last time I checked, StrictHostKeyChecking no was what they were recommending in their help documentation). I believe using StrictHostKeyChecking=ask is a better alternative. Does anyone else know if there is a better solution than using StrictHostKeyChecking=ask?

I ran into the same issue and this seemed to work for me. You just need to add "StrictHostKeyChecking no" after "~/.ssh/config:"

Engine Yard has a pretty good article on it. The man-in-the-middle issue is near the bottom. http://docs.engineyard.com/ssh-keys-and-configuration.html

Now when I SSH I still get the warning, but am able to access the server. I started getting the warning after I stopped and restarted my instance.

Oakland510
  • 1,073
  • 2
  • 12
  • 20
  • This isn't a good idea; checking the host key is done for a very, very good reason -- man in the middle attacks are trivial otherwise, and as a result you don't actually have a *secure* shell. – womble Jul 02 '11 at 08:40
  • Hi @womble. Good point. I understand that this method prevents security issues, but it is the official solution offered by Engine Yard. I've talked with Engine Yard and I believe StrictHostKeyChecking=ask would also work. The most secure option would be to remove the host key and start over. I think @RedCuber has run into a pretty common SSH issue with Engine Yard and will need to prevent Engine Yard from thinking there is a man-in-the-middle attack. Perhaps the best way would be to use ask or to just start over with a new key. – Oakland510 Jul 05 '11 at 16:37
  • Remove the previous entry in `known_hosts` for your EC2 instance. – rxgx Apr 16 '12 at 19:09
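
An added example (not from any answer in this thread, and not Engine Yard's or OpenSSH's code) of the check the first answer takes for granted: compare the fingerprint of the key the server now offers with one obtained over a trusted channel, and only then replace the known_hosts entry. The host name, key material and function names are constructed for illustration, and hashed known_hosts entries are not handled.

```python
import base64
import hashlib
import struct


def md5_fingerprint(key_b64: str) -> str:
    """Legacy colon-hex fingerprint (the format in the warning above): MD5 of the raw key blob."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def sha256_fingerprint(key_b64: str) -> str:
    """Fingerprint format printed by current OpenSSH: unpadded base64 of SHA-256."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def replace_host_key(known_hosts: str, host: str, offered_line: str, trusted_fp: str) -> str:
    """Swap the entry for `host` only if the offered key matches a fingerprint
    obtained over a trusted channel; otherwise leave the file untouched and raise."""
    names, key_type, key_b64 = offered_line.split()[:3]
    if host not in names.split(","):
        raise ValueError("offered key is for a different host")
    if trusted_fp not in (md5_fingerprint(key_b64), sha256_fingerprint(key_b64)):
        raise ValueError("fingerprint mismatch: do not accept this key")
    kept = [ln for ln in known_hosts.splitlines()
            if ln.strip() and host not in ln.split()[0].split(",")]
    return "\n".join(kept + [f"{names} {key_type} {key_b64}"]) + "\n"


def _constructed_rsa_blob(modulus: bytes) -> str:
    """Build a syntactically valid ssh-rsa blob from made-up numbers (not a real key)."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + modulus]
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()


# Constructed sample data: hypothetical host name and throwaway key material.
HOST = "app.example.com"
OLD_KEY = _constructed_rsa_blob(b"\xaa" * 128)
NEW_KEY = _constructed_rsa_blob(b"\xbb" * 128)
KNOWN_HOSTS = f"{HOST},192.0.2.10 ssh-rsa {OLD_KEY}\nother.example.com ssh-rsa {OLD_KEY}\n"
OFFERED = f"{HOST},192.0.2.10 ssh-rsa {NEW_KEY}"

if __name__ == "__main__":
    trusted = md5_fingerprint(NEW_KEY)  # stands in for the value read from a trusted source
    print(replace_host_key(KNOWN_HOSTS, HOST, OFFERED, trusted))
```

With a fingerprint that does not match the offered key, `replace_host_key` raises and the existing entry stays in place, which is the behaviour `StrictHostKeyChecking no` gives up.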