Resolve SSH Login host key verification failed

Source: Internet
Author: User
Tags: dns spoofing

When you use SSH to log in to a machine, something may have changed on the server side, and the following message appears:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
50:e6:cb:58:bc:b7:a3:f6:e8:8f:46:a7:c1:5f:c2:df.
Please contact your system administrator.
Add correct host key in /home/cobyeah/.ssh/known_hosts to get rid of this message.
Offending key in /home/cobyeah/.ssh/known_hosts:7
RSA host key for 192.168.0.4 has changed and you have requested strict checking.
Host key verification failed.

(This part gives only the fixes, not the principle; to understand the reason for the message, look up other material.)

At this point there are 3 ways to handle it:
1. Delete the line whose number is given in the message. In the example above, delete line 7 of the /home/cobyeah/.ssh/known_hosts file.

2. Delete the entire /home/cobyeah/.ssh/known_hosts file.

3. Modify the /etc/ssh/ssh_config file as follows. The problem will not occur again in the future, because SSH then no longer records or compares host keys:
StrictHostKeyChecking no
UserKnownHostsFile /dev/null

The following briefly covers the principle behind this problem and the longer-term solution.
Anyone who uses OpenSSH knows that SSH records the public key of every computer you have connected to in ~/.ssh/known_hosts. The next time you connect to the same computer, OpenSSH checks the public key. If the public key is different, OpenSSH issues a warning, which protects you from attacks such as DNS hijacking.
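How SSH checks a host's public key is configured through the StrictHostKeyChecking option. By default, StrictHostKeyChecking=ask. Briefly, its three values are:
1. StrictHostKeyChecking=no  # The least secure level, though of course without so many annoying prompts; suggested for testing on a relatively safe intranet. If the key of the server being connected to does not exist locally, it is automatically added to the file (known_hosts by default) and a warning is given.
2. StrictHostKeyChecking=ask  # The default level, which produces the prompt shown above. If the connection and the key do not match, a prompt is given and the login is refused.
3. StrictHostKeyChecking=yes  # The most secure level. If the connection does not match the key, the connection is rejected and no detailed prompt is shown.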
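
A stricter form of method 1, as an added example (not code from the original page): it locates the stale known_hosts entry for a host, including entries hashed by HashKnownHosts, and replaces it only when the newly offered key has the fingerprint the administrator confirmed out of band. The function names, sample hosts and key blobs are constructed for illustration, and the offered line is assumed to be in "host keytype base64" form, as ssh-keyscan prints it.

```python
import base64, hashlib, hmac

def md5_fp(b64key):
    """Colon-hex MD5 fingerprint, the format shown in the warning above."""
    d = hashlib.md5(base64.b64decode(b64key)).hexdigest()
    return ":".join(d[i:i + 2] for i in range(0, 32, 2))

def sha256_fp(b64key):
    """SHA256 fingerprint, the format current OpenSSH releases print."""
    d = hashlib.sha256(base64.b64decode(b64key)).digest()
    return "SHA256:" + base64.b64encode(d).decode().rstrip("=")

def names_host(field, host):
    """True if a known_hosts host field names `host` (plain list or hashed)."""
    if field.startswith("|1|"):  # HashKnownHosts entry: |1|salt|HMAC-SHA1
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return host in field.split(",")  # wildcard patterns are not handled

def replace_host_key(known_hosts, host, offered_line, trusted_fp):
    """Replace host's stale entry only if the offered key matches trusted_fp."""
    keytype, b64key = offered_line.split()[1:3]
    if trusted_fp not in (md5_fp(b64key), sha256_fp(b64key)):
        raise ValueError("offered key does not match the trusted fingerprint")
    kept, removed = [], []
    for n, line in enumerate(known_hosts.splitlines(), 1):
        parts = line.split()
        if (len(parts) >= 3 and parts[0][0] not in "#@"
                and parts[1] == keytype and names_host(parts[0], host)):
            removed.append(n)  # same number ssh reports as known_hosts:N
        else:
            kept.append(line)
    return "\n".join(kept + [offered_line]) + "\n", removed

# Constructed sample data: placeholder blobs, not real RSA keys.
def blob(tag):
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + tag).decode()
OLD, NEW = blob(b"old-key"), blob(b"new-key")
KNOWN = "\n".join(["host%d ssh-rsa %s" % (i, blob(b"key%d" % i))
                   for i in range(1, 7)] + ["192.168.0.4 ssh-rsa " + OLD]) + "\n"
OFFERED = "192.168.0.4 ssh-rsa " + NEW
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(
    hmac.new(SALT, b"192.168.0.4", hashlib.sha1).digest()).decode())

if __name__ == "__main__":
    text, removed = replace_host_key(KNOWN, "192.168.0.4", OFFERED, md5_fp(NEW))
    print("removed lines:", removed, "| new key:", md5_fp(NEW))
```

The trusted fingerprint has to come from the server itself, for example by running ssh-keygen -l -E md5 -f on the server's host public key file from its console, not from the connection that raised the warning.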

For some tests I run on an intranet, I chose the lowest security level for convenience. It is configured in .ssh/config (or /etc/ssh/ssh_config):

StrictHostKeyChecking no
UserKnownHostsFile /dev/null

(Note: for simplicity, UserKnownHostsFile is set to /dev/null here, so host keys are not saved in known_hosts.)

SSH login failure: how to handle "Host key verification failed"

Question 1:
SSH login failed: Host key verification failed
######################################
Because the public key is different, login is not possible, and the message says that key verification failed.
The workaround is:
In the /root/.ssh/known_hosts file, delete the original public key information.

SSH reports "Host key verification failed." In general, there are several possible causes for this error:

1. The key value stored for the target host in .ssh/known_hosts is not correct. This is the most common situation; deleting the corresponding host record restores normal operation.

Run command: sudo rm /home/yourname/.ssh/known_hosts

2. The permissions of the .ssh directory or of .ssh/known_hosts are not set correctly for the current user. This situation is relatively rare; setting the read and write permissions correctly generally restores normal operation.
3. /dev/tty does not grant read and write permission to other users. This situation is extremely rare. The symptom is that only the root user can use the SSH client, and all other ordinary users get an error.
What I ran into today was the third situation; after modifying the permissions of /dev/tty, everything was normal. I am recording it here to avoid forgetting the workaround later.

Question 2:
ssh_exchange_identification: Connection closed by remote host
##################################################
Workaround:
Modify the /etc/hosts.allow file to add sshd: ALL.

Description of the related configuration options: vi /etc/ssh/ssh_config
-------------------------------------------------
The following lines explain the option settings:
Host *: The option "Host" is valid only for computers that match the string that follows. "*" means all computers.
ForwardAgent no: "ForwardAgent" sets whether the connection to the authentication agent (if present) is forwarded to the remote computer.
ForwardX11 no: "ForwardX11" sets whether X11 connections are automatically redirected over the secure channel and DISPLAY is set.
RhostsAuthentication no: "RhostsAuthentication" sets whether to use rhosts-based security authentication.
RhostsRSAAuthentication no: "RhostsRSAAuthentication" sets whether to use rhosts-based security authentication with the RSA algorithm.
RSAAuthentication yes: "RSAAuthentication" sets whether to use the RSA algorithm for security verification.
PasswordAuthentication yes: "PasswordAuthentication" sets whether to use password authentication.
FallBackToRsh no: "FallBackToRsh" sets whether to fall back to rsh automatically if an error occurs with the SSH connection.
UseRsh no: "UseRsh" sets whether to use "rlogin/rsh" on this computer.
BatchMode no: "BatchMode", if set to "yes", disables the passphrase/password (interactive password input) prompt. This option is useful for script files and batch processing tasks where passwords cannot be entered interactively.
CheckHostIP yes: "CheckHostIP" sets whether SSH checks the IP address of the host it connects to, to prevent DNS spoofing. The recommended setting is "yes".
StrictHostKeyChecking no: "StrictHostKeyChecking", if set to "yes", means SSH will not automatically add the computer's key to the "$HOME/.ssh/known_hosts" file, and once the computer's key has changed, it refuses to connect.
IdentityFile ~/.ssh/identity: "IdentityFile" sets the file from which the user's RSA security authentication identity is read.
Port: "Port" sets the port used to connect to the remote host.
Cipher blowfish: "Cipher" sets the cipher used for encryption.
EscapeChar ~: "EscapeChar" sets the escape character.
