Question

I was previously able to connect to the server via ssh properly. But recently, after changing the server's fixed IP address and domain name, I cannot connect to the server by DNS name. However, I can still ssh to the server with its IP address. The ssh error with the domain name is the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The DSA host key for example.com has changed,
and the key for the corresponding IP address X.X.X.X
has a different value. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/.ssh/known_hosts:10
  remove with: ssh-keygen -f "/home/.ssh/known_hosts" -R X.X.X.X
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
*:*:*:*:*:....
Please contact your system administrator.
Add correct host key in /home/.ssh/known_hosts to get rid of this message.
Offending DSA key in /home/.ssh/known_hosts:11
  remove with: ssh-keygen -f "/home/.ssh/known_hosts" -R example.com
DSA host key for example.com has changed and you have requested strict checking.
Host key verification failed.

Solution

The answer is in the question:

ssh-keygen -f "/home/.ssh/known_hosts" -R example.com

You will get more info from the first Google hit for the big message: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

OTHER TIPS

You should remove line 10 from your known_hosts, because the system signaled the problem to you: Offending key for IP in /home/.ssh/known_hosts:10

I moved my ~/.ssh/known_hosts file and retried; it worked. I guess the only effect will be a confirmation prompt on future connections for the hosts that were in known_hosts.

I encountered the same problem.

I think the problem is that the item recorded in the "known-hosts" does not match something of the remote host (sorry, I don't know what the something is).

In my case, I just deleted the item in "known-hosts" according to the IP address of the remote host and ran the ssh command again. Then it worked.

If you have got a backup of your /etc/ssh directory and want to restore it, just use

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user@hostname

for connecting once without checking.

Source: ssh man page

I faced the same problem when I tried to do a pull.

Fix: I deleted the .ssh/known_hosts file on my system and retried the pull; it worked.

Why this happened: We had a GitLab migration. The known_hosts file stores the GitLab IP, so it was not able to establish connectivity with the existing host.

Just follow what is suggested.

sudo ssh-keygen -f "/root/.ssh/known_hosts" -R ip

sudo ssh-keygen -f "/root/.ssh/known_hosts" -R host

These commands will remove old fingerprints, and then you will be asked:

The authenticity of host 'host (ip)' can't be established. ECDSA key fingerprint is SHA256:YrD+1E4JmdeObwEyQW3zGqNhXE//64MMZrHHaInE7w0. Are you sure you want to continue connecting (yes/no)?

Write "yes" and you will see a message like this:

Warning: Permanently added 'host,ip' (ECDSA) to the list of known hosts.

This will create a new fingerprint in the /root/.ssh/known_hosts file.

For me, it couldn't find the file so I had to flip the file path and domain name like so:

ssh-keygen -R example.com -f ~/.ssh/known_hosts

Just delete the known_hosts file

$ rm .ssh/known_hosts
$ ssh ras.mydomain.com

Try connecting with ssh again

ssh username@server-ip-here
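
Added example (not from the thread or from OpenSSH): the warning fires because both the name entry and the IP entry in known_hosts hold the old key, so the narrow fix is to compare the new key's fingerprint with one read from the server itself and only then replace those two entries, rather than deleting the file or disabling checking. The host names, the address 192.0.2.10 and the key blobs are constructed sample data; the trusted fingerprint is assumed to come from the server console (for example `ssh-keygen -lf` on the host's public key file).

```python
import base64, hashlib, hmac, struct

def fingerprint(key_b64):
    """SHA256 fingerprint as ssh prints it: unpadded base64 of the digest of the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def entry_matches(hosts_field, name):
    """True if a known_hosts host field names `name`, in plain or hashed (|1|salt|mac) form.
    Wildcard and negated patterns are not interpreted here."""
    if hosts_field.startswith("|1|"):
        _, _, salt, mac = hosts_field.split("|")
        want = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return name in hosts_field.split(",")

def replace_host_key(lines, names, new_entry, trusted_fp):
    """Drop stale entries for `names` and append `new_entry`, but only if the offered
    key matches the fingerprint obtained out of band; otherwise raise ValueError."""
    key_b64 = new_entry.split()[2]
    if fingerprint(key_b64) != trusted_fp:
        raise ValueError("offered host key does not match the trusted fingerprint")
    kept = []
    for line in lines:
        fields = line.split()
        is_entry = len(fields) >= 3 and not line.startswith(("#", "@"))
        if is_entry and any(entry_matches(fields[0], n) for n in names):
            continue  # stale key for the renamed / renumbered server
        kept.append(line)
    return kept + [new_entry]

def sample_blob(seed):
    """Constructed ed25519-shaped key blob for the demo, not a real server key."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

# Constructed sample data: 192.0.2.10 stands in for the server's IP address.
OLD, NEW = sample_blob(1), sample_blob(2)
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"192.0.2.10", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = ["other.example.net ssh-ed25519 " + OLD,
               "example.com ssh-ed25519 " + OLD,
               HASHED + " ssh-ed25519 " + OLD]

if __name__ == "__main__":
    offered = "example.com,192.0.2.10 ssh-ed25519 " + NEW
    trusted = fingerprint(NEW)  # in practice: read from the server console, not the network
    print("\n".join(replace_host_key(KNOWN_HOSTS, ["example.com", "192.0.2.10"], offered, trusted)))
```

Entries for unrelated hosts survive, so their keys keep being checked on later connections.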
Licensed under: CC-BY-SA with attribution