SSH, RSA Host key verification failed in FreeBSD

Hari ini, saya mencoba meremote server A dari server B yang memakai OS FreeBSD. Namun, pada saat saya memasukkan perintah:

Z# ssh heroe@192.168.1.3

Muncul pesan error dibawah ini:

Z# ssh heroe@192.168.1.3
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
47:20:40:27:52:7f:17:44:43:09:e5:af:ba:d8:ec:0e.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:7
RSA host key for 192.168.1.3 has changed and you have requested strict checking.
Host key verification failed.
Z#

Usut punya usut, ternyata RSA atau enkripsi public key dari mesin saya sudah ganti. Dan memang server 1.3 punya saya sudah ganti ke server yang baru. Jadi harus diganti host keynya. Cara tercepat dan akurat adalah menghapus host key yang lama, dan saat kita akses mesin 1.3 yg baru maka sistem akan otomatis men-generate host key yang baru. Caranya adalah:

1. Edit file /root/.ssh/khown_hosts maka akan muncul data-data dibawah ini:

Z# vi /root/.ssh/known_hosts
192.168.1.72 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRhMM01etoAeD9IUKTn6MNPVmqGcHCYgjVTV6JBDjW4iMhJ07vlUvmSOjSY9Hl60UKPvQoP+2pE/s1gSkiM+/qFkBT+Ulr7FnjOFIOfUnXaJnm/bfQag2
KKlchm4mS2aTvQt6ddaFY6/+Go5eXQ6ZFvJtmAPLPVfi02qSWXfpRyaapnxaxzoDBD0doNG0yVP38LInT3oPSTcQyAwshggzXaeTZkvBSZnuOZYMKCWvVekeBWdRLv/hrKQX4lSDNnrMx7We831LPskeo9Xc2GT3EKRSMTaZ
yEgHwNaCvo2lwov8Bt4Se/TP5hqk68QafWxpX2J3yiyimxvvkH9nFgR9z
192.168.1.8 ssh-dss AAAAB3NzaC1kc3MAAACBAIQLKySCuS05ghN02sMGNM+q8kbeE4GOsUYLe3unXoS0o5qmUBYZ3swwbte1Cun09VCL5gO2elvqG4/Kx5dy0rpN/68rTG/9sj5zTCqKyK3nXjFWsjNmu/OxzXlP9InM
24GRtHkWsImRzmh8dULOf4iTiG3SD1f9h+8ReYNvODU7AAAAFQDTS8OMfLfUHJIOqTQKYcFimFLbeQAAAIAPQSQh1dTtvfPle4ChT0aWyPmA2ipmnvZvG5XNU6OkwD5moVCDunJOfuOiRsktIUN39fekBoXXy/nO/9uULSBB
ENaJZFqPVkigEJXocMAGgsAzqOk/AEt+uqx3Cj9cW2KOG13e+6tIZSGelEkqXVyI813rV+5DLGuYbo/sg0+8ZgAAAIBF9cypXjOtZ2gc9zs862mKGzHheOdF2tDK3Pw3sjl4WSDvdSNeFswntip6yf3sRq5851UFnt2cL24M
rS3u4XfTQbYkQBdaRJO6y7670ByUwglh0z+pfAngCbt9lvUEanhmWnEX3SuiZO9X5op8/SeajbYGek4SruQVx5QhAIHrAg==
192.168.1.26 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD+9jRw4DdZq/V5YiSzozuvx8QX2mcJxGusgI9sezkTZXnvJGkuEIIt6pr+b/77qkZQ/GBWRuri5vNwueXxlQjMNHPh1ZpJDDA9BgOtPZWeaU+N7dJbkvq
yg3L/8wpJWOwe/ltTICbqkCgpiEte9XPRINZj98LjRvCLvTpD4FZBTPH0aTGSY5/s5TpYx4q+9QkeT+HHigJhBH2cT495LCjL3crsCJ0loxzFQGK6Bm7pgJDtNU+2vZ/NDYZ5mp+ZPrq7lC3YkG/XiKztFFqy6+vrrK9uafG
ob38Rrm0Ay6TUk36Qan7UA5gn6q4jgRer5r5naycjTag/NC2Kgz2ZtIGZ
192.168.1.116 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC95Q9Z4LMzWO4m7yWOUS0XF0qhxL33om4XReP9vjLsnGsVqfUu9wMFa3jVniT8ul7TrdDI9NDdkLQSE05wv3PmOX7+/JWmECf6zOnYgcGdC+ViMJ0Kyv
8jU8X2y243/6snVl9tsAhL6H2qsqkbiSeiZ4Yk5ufTuL+Ove4J4F7bMgWsHbWAVvP0qmH6ats9NiCZXvSGAoLHV7/ZQTQbRPh9QtxgW89QgfySNmQoWBgUj3/Z99qgG5i6VZHSzZNSakVJQi1yDR6Rq5OQiQdrHC+kUq+6JH
dO1cXiAMTRHPmK/foTjdob0oMVFYrj2m0JDltrTGIHceNrSsAJ7CZy6+Xz
192.168.1.166 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5RVI9HEhkdYx1VjZCu29rNaCToUQV3XDjCY2VwZ63sBDo2Hj10U86cUYOfaYIEDUNag7txMQd2262X2a434XtqKRU4ri5Zc9O/buxWbFtmBenr2EZrt
FaAQ8KuM5rVJJEVCahzl2jUnPXezjw5QVblkExbfFFga9DUsFJTjs84dza1jfvitobC/Bt7QB6clk395RkG+DcowEJWpEshWv6oTGsnX5q179ovLorxSJZzBuDxGDmyFe6aTOojEphBdODR6kz4YBt/TF5hVDJ843A1Hyqd4
lmaiFKoInu6PcqNa15dDroYXcVx97j1Va1uYmy8vq2uYiDpeYP5mE5Mm+F
[192.168.1.222]:443 ssh-dss AAAAB3NzaC1kc3MAAACBAPorXhk55QIUJuDyQSHy5UryrzpQk6zMVJSRGD+C1j+2F52IddrKhSukKTWilLVRhF0zGH7+vfSEzbJREKcbJQ4P65zxYeKfrKLn1rn4JbQhrY0hm4a1RDPl
3wAlkylbuPjSAy4fO2C9IWMDgfC86lxjXsFZd99hviuLcJqox7XNAAAAFQD9Ph8x8+JowYaCFM+HwBZcIKoGWwAAAIBCYxsRLBZPAH5pE99wEY1lqIJuBUB9QvbiMJqlI6K0QrUHNFmdXzW1jYPSsDbJYhsQlqEdnKwN5O4O
cJ0l7qfHBeMtbJM30yzZb5BvI733F/xtomTwK4bHbC9QGof53chIMze/m0JY6faaXtG0QfMh7vsBK5k/+TwVQTeuO1GYHwAAAIEA3P90QWCKMqWPpaodtXBjWkZDBDtSpfDn4xXK418X3kBtnY+XHqq8FQYdwhBJ5v+7PAeb
KMfFm0EOkRQ1zf3WFIp9K3QOewBbHdErfMps3zHr8UJkUZITK76OSWuj9lPrypBgWVkpFVL/pF2kL/X++yHfNwnxnJJPVddjyssAgMU=
192.168.1.2 ssh-dss AAAAB3NzaC1kc3MAAAEBAKubaByQK/Hr3tbunJUhlWO3Jc28qVm0Xck3rrhPx9cAhss1uPsj77q7b6qLfber4JG89aQE8I1YTdzqHlP9JYgYo0fvs9ww1AV3PV2WclzzR2irXDbxKYZmJzw383e1
o74XrC6hA+gQJE3W6aQZ7HmlX/atCRozeE8spqhtT5sRMeEyiAWj/f6V4VbyynACWAZHKC5GW/kw2OqeJp6xp4Bm/Huec+Rd1Wy4OspBs6JdhquIx5bzAs78TLumDuyawCrZarexzRBlL+5uPT6e/6n1pdju5XdaivrAcwvQ
ASHHgPS1HRrdCMgpkfYcL08UBSB/t7ArKDGLHSLGCwyqaHMAAAAVAJoPQogyxMXmUoZ41Uox2AAlwQBHAAABAB1kE58f/FmoZYfsMefPMOi/6rZVdZjsyoFZkBRSGN9yJOE5wjqKrhVMffBYqqUXVU4ys/HeDl0K0mabrk/Q
T+vxkRKTnTzeJV46wX/oWo4Qc7umYw+jxLuHtGNJcd2EpWA+ZkEFPxbrSEfSGuJHpL6IIFQjTEuzt0BMpFxWExrCWqt4BvQuj+TuroxbOSDkuWdXyAPAhyypTKZde+rPWE7OqgKhMrKD/7u2JxY+roCAL6yGHkIssajCYPJN
IZRC8E7Vl4XCLfht/1X9X5IoKuYaA68X5zCV0Lsv5zkEEV5krVYzmC/NHN67w6Y+nYocMRVlm3nIkPiFTWStVsee5VYAAAEADDbsv6F2khi58Ww/3f1EMS2EOCLq4p/itKEyQzxfbZkFnIwsMLtdWDq/j0cQoHRgUl5BhxLR
DjSivyJ+wBNbBzXQr6M2xrXghrOkJMI4kf1bZ93hn8KYAhtnYZN53tebOpMy+n1w2jdARtnQUbVz4SPnL8Be5feGGiqzkxfVIOI6bUlpLQOb9ULDsDMhtnrlbkrb/+kkPw6QK8jwaONKoTqAaojIM2BMFUkTZFdmHeJ+W7tH
+tOEO/wo24jeYZXUTGJG2BN0NpfRzrA9Ht3hVJiHIfi49kgyOd2JBV0buPKvudymOY7jzQw7LEC9Jie7qOtocbiNZ+f9ibK+K/wPUQ==
192.168.1.17 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAn3bTDzs1VB1NvazwH7oUAG0/8Sf+bb6YhP8u32fXt/OQxQlc9vD1GfG9D93rEdLBE5ThPuEhL1ZLPd3lxkwDcugsXcrFobPttJgspGQvVQAIhL3PZ0GdpQp
+Gfkv7kuvp9aVVffatDKRAFrrKGWzTtXLI5VXIDOmlZsnnPb8xU0=
192.168.1.212 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuct74M0VrHIK2HQJgobPP4dFfUNoyuSXChwUhRy6wht43irVm4Z2NhHjqTDuHjUdJpScFXiYrHCFkbtka9fLnYFNYTGYS4GoigilLmEMmZWZH5GtsTt2ua
7uVjNxdhXeBoLpmK5FCAYhc7DCIMRQXBQRQrrrqlnKE81fFyrnJ0nTOjobGg0GwZ27f3c8sVZy/HEQu0BeVC5F5yTpeQgG2lFHzVqUCVblROzAuzzmxvwEKkWhQxtlwL22UhNa6um3v/vqss67MIeIPi2My+QGqBNuzaoJeR
i27Gj23bhffb89pNUQ1zV8i4EWohgBkh5RBF4eclGtGWclpE8C0LfhwQ==
192.168.1.69 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7HJbKKjgZJ42chc1z29+PE9evTkPEiduFY9JGLOPoq7OR/mW3G1V16B7CbE1DK938kenrSW8XlLBvsexoO8H46rVXOzNjWKsd5e0v1mhPxtZm13hFX/E
Ocs19/druL51S4dYvSCygH9VdYxrU6zU9l15eCcO/YKWsl3HLbm4k6UB1JB9H0Q2M29wBpdoH4vZLXV9bgcvlSL5CsVTVcB/EGEP2w28CRgwgap19WI54k3nzCpIr+/xd8j3VohGFLRLJnXy1hND81v4s+JjS1ZNfAuf2h23
dcEsdesJ56piSc5Nlb3yHZIF2YfroIOgFTecxIjilrwuTNVeZoexOvDZz
192.168.1.234 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAYxhajZqUyiPwuZXUBk3NTgGs3AqlfXf2YVU2ucolCJmbomiZPY/d1kCyfn1e5eoVgeXdkzW8WZTb8ahS8YNK31qsmR8mMOFp1OwPOoqilOLndYl/x9
xQ0NUX6taPPWRQ9uX0pPZUEagcimuNZtBwafG0fAyA35HgyGc+icnn9E7hUTp3EmJW3XEum3tmCqcyC3I02jnK/iIw7qVspjdQgLF4e4Wg2MxRdo1eGILYMWL3PyGMrf9xM3P1m7LYrhNEOfn9uqWYrA9rNpcPis8r2P0rNX
C6yP9udsFjxIS2lWYvF2p8BrTEzPEUfY6+2K0KVKQTbA4vfda+YO6TjbpD
192.168.1.25 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzEwomVYRb67Wq+Rc0aceWS4PWWYoDOsxNOwEn+qnrO1AbEIA8Kr2LghE15na0ECpMuavMxxlWntCbTUVtRNupaJE3eU46ON04vVJoi9uDsr6owNyplbq6uB
pk7boZ3DeFq6DhbHw6BQNOrT9fTcZyul/PEWji0Eb9WrwneBtb8anbOpF7zxcyaTeg/2YJ76ffkJVBLuBXfBKwp5a2VzdyWtsQ0B2Ey/qIqHQWdiiSMoxBujkEmV3xcNpLYdpWct5yPNdHontv4e+N7S0L6EL3TJM3lylvXY
F9cGHqcvaUTFFX43zKULpIQYqmBmJOH13dgm+OFEghry98G6yLEqBiQ==

—————- data di cut demi kenyamanan😀 ——————————–

Kita tidak usah pusing melihat data yang seperti (maaf) sampah itu, namun kita cukup melihat IP yang ada didepan tiap baris data tersebut. Kemudian hapus baris data IP tersebut, yang artinya akan menghapus host key dari server yang lama.

2. Simpan dan keluar dari editor.

3. Akses kembali server A dengan perintah:

# ssh heroe@192.168.1.3
The authenticity of host ‘192.168.1.3 (192.168.1.3)’ can’t be established.
RSA key fingerprint is 47:20:40:27:52:7f:17:44:43:09:e5:af:ba:d8:ec:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.1.3’ (RSA) to the list of known hosts.
Password:

Last login: Tue Jun 25 10:36:04 2013 from 36.76.217.8
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.

FreeBSD 8.1-RELEASE (GENERIC) #1: Sun Jan 9 15:53:52 WIT 2011

Welcome to FreeBSD!

Before seeking technical support, please use the following resources:

o Security advisories and updated errata information for all releases are
at http://www.FreeBSD.org/releases/ – always consult the ERRATA section
for your release first as it’s updated frequently.

o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
along with the mailing lists, can be searched by going to
http://www.FreeBSD.org/search/. If the doc distribution has
been installed, they’re also available formatted in /usr/share/doc.

If you still have a question or problem, please take the output of
`uname -a’, along with any relevant error messages, and email it
as a question to the questions@FreeBSD.org mailing list. If you are
unfamiliar with FreeBSD’s directory layout, please refer to the hier(7)
manual page. If you are not familiar with manual pages, type `man man’.

You may also use sysinstall(8) to re-enter the installation and
configuration utility. Edit /etc/motd to change this login announcement.

$

4. Anda sudah bisa masuk server 1.3.

Selesai.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s