EIPが設定されているインスタンスを別のインスタンスに変更し、SSHにて、そのIPアドレスにアクセスすると、下記のように接続拒否されることがあります。
$ ssh -i suz-lab_ap-northeast-1.pem -l root xxx.xxx.xxx.xxx @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx. Please contact your system administrator. Add correct host key in /Users/suzuki/.ssh/known_hosts to get rid of this message. Offending key in /Users/suzuki/.ssh/known_hosts:5 RSA host key for xxx.xxx.xxx.xxx has changed and you have requested strict checking. Host key verification failed.
再び接続できるようにするためには、下記のように登録されている(EIPに対応している)公開鍵をリセットする必要があります。
▼ 確認
$ ssh-keygen -F xxx.xxx.xxx.xxx # Host xxx.xxx.xxx.xxx found: line 5 type RSA xxx.xxx.xxx.xxx ssh-rsa XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
▼ リセット
$ ssh-keygen -R xxx.xxx.xxx.xxx /Users/suzuki/.ssh/known_hosts updated. Original contents retained as /Users/suzuki/.ssh/known_hosts.old
そして、再びSSHで接続すると、今度は無事ログインすることができます。
$ ssh -i suz-lab_ap-northeast-1.pem -l root xxx.xxx.xxx.xxx The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established. RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts. Last login: Thu Aug 11 13:14:08 2011 from xxx.xxx.xxx.xxx
