How to bypass RSA-Certificate forced verification in SSH when testing multiple accounts

An annoyance, though good in principal, is when you try to access servers remotely using SSH and your certificates are all mucked up.  Meaning that you are trying credentials with one user (which has a paired certificate) on system A, and try to use a different set of credentials on that same system.  You get the following error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for [yoursite].org has changed,
and the key for the corresponding IP address yy.yy.yy.yy
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
[RAS KEY Fingerprint here]
Please contact your system administrator.
Add correct host key in /Users/___/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/____/.ssh/known_hosts:3
RSA host key for [YourSite].org has changed and you have requested strict checking.
Host key verification failed.

You could clear out the offending certificate, but that defeats the purpose of the paired certificate if you are just testing different accounts.  The best solution is the following, that I found at this site with an excellent write-up.  Check it out… very good write-up!

This method tricks SSH by configuring it to use an empty known_hostsfile, and NOT to ask you to confirm the remote host identity key.

$ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no peter@192.168.0.100
Warning: Permanently added '192.168.0.100' (RSA) to the list of known hosts.
peter@192.168.0.100's password:
Advertisements

About pcidss

Proficient in IT Controls, IT Security, and Risk management. My recent interests lie in the credit card security and protecting identities. This blog will reflect the past, current, and future best steps to securing data (specifically in the context of PCI DSS, and DSOP)
This entry was posted in diy and tagged , , , , , , , . Bookmark the permalink.

17 Responses to How to bypass RSA-Certificate forced verification in SSH when testing multiple accounts

  1. Danelle says:

    These are really enormous ideas in about blogging.

    You have touched some fastidious things here. Any way keep up wrinting.

  2. Harvey says:

    Hey there! This post couldn’t be written any better! Reading through this post reminds me of my good old room mate! He always kept talking about this. I will forward this write-up to him. Pretty sure he will have a good read. Thank you for sharing!

  3. Osvaldo says:

    Hi there would you mind stating which blog platform you’re using? I’m going to
    start my own blog in the near future but I’m having a tough time making a decision between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your design and style seems different then most blogs and I’m looking for something unique.

    P.S Apologies for getting off-topic but I had to ask!

  4. Silke says:

    Excellent blog post. I certainly appreciate this site.
    Keep writing!

  5. Serena says:

    It is the best time to make a few plans for the future and it is time to be happy.

    I have learn this put up and if I could I wish to
    counsel you few fascinating things or advice. Perhaps you could write next articles regarding this article.
    I wish to learn more issues approximately it!

  6. Julianne says:

    I am not sure where you are getting your information, but great topic.

    I needs to spend some time learning more or understanding more.
    Thanks for excellent information I was looking for this information for my mission.

  7. Hello there, just became alert to your blog through
    Google, and found that it’s truly informative. I’m going to watch out for brussels.
    I’ll be grateful if you continue this in future. Lots of people will be benefited from your writing. Cheers!

  8. Hi! I’m at work surfing around your blog from my new iphone 3gs! Just wanted to say I love reading your blog and look forward to all your posts! Carry on the great work!

  9. What’s up to all, because I am really eager of reading this web site’s post to be updated daily.
    It includes pleasant information.

  10. Jeanne says:

    I think that is one of the such a lot vital information for me.
    And i’m satisfied reading your article. But wanna statement on few normal things, The website taste is ideal, the articles is actually great : D. Good activity, cheers

  11. freê porn says:

    I am sure this post has touched all the internet viewers, its
    really really good piece of writing on building up new webpage.

  12. It’s going to be end of mine day, however before ending I am reading this great paragraph to increase my knowledge.

  13. If some one desires to be updated with hottest technologies
    then he must be visit this site and be up to date every day.

  14. cam site says:

    Awesome article.

  15. Tonya says:

    Hi there! This is kind of off topic but I need some guidance from an established blog.
    Is it hard to set up your own blog? I’m not very techincal but I can figure things out pretty quick. I’m thinking about setting up my own but I’m not sure where to start. Do you have any tips or suggestions? Thanks

  16. My partner and I stumbled over here by a different
    web address and thought I might as well check things out.

    I like what I see so i am just following you. Look forward to going over your web page again.

  17. Moncler Outlet Online Store. Cheap Moncler Jackets, Moncler Coats and Moncler Vests
    michael kors outlet online http://www.billcost.gr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s