"ssh-ed25519 host key mismatch for openwrt.lan !"

d-correa · January 18, 2023, 6:12pm

After OpenWrt reset to defaults I received a warning: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

Like answered in this post,

I remove the warning by running ssh-keygen -f "/Users/hostname/.ssh/known_hosts" -R 192.168.1.1

Now I can ssh access OpenWrt normally.

But:

I`m trying to backup and restore OpenWrt according to this guideline: https://openwrt.org/docs/guide-user/troubleshooting/backup_restore

When trying to download the backup file by running scp root@openwrt.lan:/tmp/backup-*.tar.gz . I received the following message:


root@OpenWrt:~# scp root@openwrt.lan:/tmp/backup-*.tar.gz .

/usr/bin/dbclient: Connection to root@openwrt.lan:22 exited: 

ssh-ed25519 host key mismatch for openwrt.lan !
Fingerprint is SHA256:(KEY WITH 43 CHARACTERS)
Expected SHA256:(ANOTHER KEY WITH 17 CHARACTERS)

I already updated keys based on the 3 methods proposed in this post, but the error "ssh-ed25519 host key mismatch for openwrt.lan !" remains when trying to download the backup file.

How can I correctly update ssh-ed25519 host key for openwrt.lan?

lleachii · January 18, 2023, 6:16pm

Usually the client tells you, odd:

ssh-keygen -f "/home/<foo>/.ssh/known_hosts" -R "192.168.1.1"

Thats the command on Debian-based distros.

It should. It resolves to get the IP.

Verify nslookup openwrt.lan resolves to 192.168.1.1.

d-correa · January 18, 2023, 6:20pm

root@OpenWrt:~# nslookup openwrt.lan
Server:		127.0.0.1
Address:	127.0.0.1:53

Name:	openwrt.lan
Address: 192.168.1.1

Name:	openwrt.lan
Address: fd5f:b918:9d60::1

"Thats the command on Debian-based distros.": I`m running on macOS.

When restoring previous backup.tar.gz file, I can download the backup file without any erros though scp root@openwrt.lan:/tmp/backup-*.tar.gz .

After reset to defaults the problem persists.

lleachii · January 18, 2023, 7:32pm

So - you'd find the command(s) to remove/reset SSH keys in MacOS.

Execute nslookup on the MacOS, not the router.

These tasks should be completed on the client - not the router.

trendy · January 18, 2023, 7:39pm

That, it was a bit obvious from the beginning.

lleachii · January 18, 2023, 7:43pm

Wow...

@trendy - good catch!

You're saying the OP also executed the original scp command improperly on the OpenWrt - instead of on the Mac.

(I missed that at first.)

d-correa · January 18, 2023, 8:24pm

Thanks a lot @lleachii and @trendy !

I wasn't noticing it also. Just copying and pasting from the guideline:

I think it could be worth updating the guideline making it explicit: "#From the client, download backup ": despite obvious, it's not necessarily evident for newbies (like me). It comes from a sequence of tasks from the router side...

@lleachii , after you suggest "So - you'd find the command(s) to remove/reset SSH keys in MacOS." i ran it on Ubuntu and obviously got the same error, hopeless to get it working... thanks u both

lleachii · January 18, 2023, 8:51pm

Done! - https://openwrt.org/docs/guide-user/troubleshooting/backup_restore#back_up1

In the future:

system · January 28, 2023, 8:51pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.