Raspberry Pi — Networking: ECDSA Key Error
ECDSA key warning/error (tutorial)
This blog post is part of my larger series related to different tools and manipulation that I have used and applied while tinkering with my Raspberry Pi .
I plan on continuing my focus on Networking for my next few blog posts— starting right now with ECDSA KEY errors, then explain how to setting up a Static IP address for my Pi to simplify port forwarding.
A common issue that I have encountered a lot while managing multiple raspberryPi’s on my network are ECDSA HOST KEY ERROR. I will describe a simple way to reset your computer’s association between the two devices that you are trying connect.
To my knowledge, this is a common error across network connection when devices get assigned different IP addresses by the routers.
ECDSA Keys are used for digital authentication — and stands for Elliptic Curve implementation of DSA (Digital Signature Algorithm). WIKI
It was accepted as an encryption standard in 1998 and 2000 by the ANSI (American National Standards Institute), the IEEE (Institute of Electrical and Electronics Engineers) and NIST (National Institute of Standards and Technology) .
“Unlike the ordinary discrete logarithm problem and the integer factorization problem, no subexponential-time algorithm is known for the elliptic curve discrete logarithm problem. For this reason, the strength-per-key-bit is substantially greater in an algorithm that uses elliptic curves.”
subexponential-time are “algorithms whose running time grows faster than polynomial-time, and more slowly than exponential-time.”
Now back to our errors. The “Remote Host Identification has changed!” warning.
They looks like this:
The SOLUTION is to remove the previous ECDSA key that your computer has associated to the local IP address that you wish to connect to.
Those associations reside on your computer in the known_hosts file at the following path:
Which basically looks like this without my censuring and reformatting.
We will use a tool called SSH KEYGEN to simply erase that IP association.
“ssh-keygen is a standard component of the Secure Shell (SSH) protocol suite found on Unix and Unix-like computer systems used to establish secure shell (SSH) sessions between remote computers over networks, through the use of various cryptographic techniques.” .Wiki
This tool generates, manages and converts authentication keys for SSH on your computer.
Check out more commands for the SSH KEYGEN component, here: https://www.freebsd.org/cgi/man.cgi?query=ssh-keygen&sektion=1&manpath=OpenBSD+3.9
We will be using the REMOVE function of the ssh keygen tool to erase the IP/ECDSA association in the know_hosts file.
Type the following in your terminal:
If you simply want to remove all known keys you can you this:
Pretty simple !!!
My next blog entry will be on how to setup a STATIC IP ADDRESS for raspberry Pi’s or any device running Unix based operating systems.
Followed by an entry on Port Forwarding to enable SSH connection over the internet.
Bonne journée à vous.