Hi, occasionally when I reboot my server in rescue mode, Core Shell no longer can connect to it, showing Warning: remote host identification has changed. I have installed Core Helper and under Advanced option for my connection I selected ask for UserKnownHostsFile and StrictHostKeyChecking.
Tried different configuration options under Known Hosts but can not get Core Shell to ask me to update host key. Only option I got is manually edit known_host file every time I reboot a server in rescue mode.
Am I doing something wrong or Core Shell does not have this option to automatically detect change in fingerprint and requests user to allow ore deny connection to changed host?
Core Shell embedded a full-featured OpenSSH,
UpdateHostKeys directives comply with ssh_config specification.
If this flag is set to
ask (the default), new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and ssh will refuse to connect to hosts whose host key has changed.
If your host key changed in rescue mode, both Core Shell and OpenSSH will reject to connect in all cases. Unless you set to
off, be deliberate in doing this though.
UpdateHostKeys is another story. It provides a mechanism to allow remote server send replacement host keys before old ones are removed. It requires extra config in server side in advance.
As compromise, I recommend you remove the host key entry by using command:
ssh-keygen -R [hostname or IP address]
This still requires you remove the host key manually, but at least no trivial editing matters.
Thanks for your replay and help!