It always bugged me that the choice was to either disable or manually edit an obscure file, so I was happy to find that you can delete stale entries from commandline:On 11/12/2013 07:47 AM, Miroslav Suchý wrote:
2) if you know that some machines change fingerprint and you *trust it* you can do:
~/.ssh/config:
Host 192.168.1.1
UserKnownHostsFile /dev/null
ssh-keygen -R hostname
Admittedly, this is pretty obscure and I think it would be a better idea if SSH directly allowed an override, perhaps like this:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 23:00:21:33:d4:0f:95:f1:eb:34:b2:57:cf:3f:2c:e7. If you think it's safe to override this check, you can connect this time [o] or delete the current host key before connecting [O]: