0

When I type this command, the following message appears:

line 1 invalid key: -----BEGIN ...
~/.ssh/known_hosts is not a valid known hosts file.
Not replacing existing known_hosts file because of errors
  • 1
    Please include the exact, original command into your question by copy-pasting it from history. – Vlastimil Burián Nov 12 '19 at 13:26
  • Does your .ssh/known_hosts actually start with -----BEGIN ? There are other files under .ssh that should look like that, but not known_hosts. (They are likely to be private key files, so don't post the lines that follow here.) – JigglyNaga Nov 12 '19 at 18:06
  • @LinuxSecurityFreak the ssh tool itself understands ~ tilde expansion. For example, this works for me to connect to a remote_host - ssh -i '~/.ssh/id_rsa' remote_host id – Chris Davies Nov 19 '19 at 00:02

2 Answers

2

The following line suggests that there's something in your known_hosts file that isn't a known host:

line 1 invalid key: -----BEGIN

That makes it look like there's an SSH key that was accidentally written to ~/.ssh/known_hosts instead of ~/.ssh/id_rsa.

Open it in an editor. The known hosts entries look like:

192.168.1.1 ssh-rsa RzF4THZKZjc4S1VDRkdIVFZGYkg2dHJoWllDZkx4cmJib0RhY1F3SzczQWc3R2JHcFlpUjdvVE9Ia014RDlqMWOR2FseXdqVmlOeHJXcnZ4NUhVcGRhYzJ0R1VPaVRNNWlPbHZReFdEZ2dEd3RiR2g1cHZ1SFVwb1Y1WUx2VzFDVEJLcE4wOWJNdmluRTFMU2hlR1lU

An SSH key looks like:

-----BEGIN RSA PRIVATE KEY-----
VXhTNTdlUExWVHdjVEJnSE1xZmlHak5uRGw5dVVyWEhMOHEzd2ZvVHFKWG02ZHc4cnJZY2J0UUdE
R1VhQnJHUDl5NGpVTXJRRnIzZ1BFVzdYM2hMd0k0cHpXclRuRzB1anEzdGlPTW9RSjBUZWJaNEFy
OG1xb3d6WDlwWDNQV21ZYTdKZmduODYyc0NQaDlXQ2ZkZllyVzE4eEdjaDRHNmRobWFKWnpsN2RU
...
...
cUNDaDljQjZsSHBjaEM1T0liTE4xcUswMmV3eUJ0VXVxNW9NcURBMGJzRGdUdlo5cmdBS1RrdG5O
WFhoQzZ3cXo5WTFVSGFER3JFd2ljSGhTaEtyMkswcmdMSHR4cmhjQVE3Y0lGYlpqN0FuOVlRejRF
RDNscDlad2lBUDlhb25BSXM=
-----END RSA PRIVATE KEY-----

Remove the SSH key parts from the top and put them in the proper place (~/.ssh/id_rsa if that file doesn't already exist), or delete the whole file if you don't need any of it.

0
~/.ssh/known_hosts is not a valid known hosts file.

I think this means the file exists but it is not in the standard format.

ssh-keygen updates the file, so you don't lose any previous keys. It is important that it can understand the existing entries before it edits in any new ones.

Look at the existing file with a text editor, and see what is in it. It might be empty or corrupted by a previous error. You need to decide if you can repair it (take a backup first), or if you want to start over. Maybe just mv it to:

~/.ssh/known_hosts.yyyymmdd

that would be a timestamp from its existing creation date, so ssh-keygen will make a fresh file.

Paul_Pedant
  • 8,679
  • 1
    His title says Why ssh-keygen -f “~/.ssh/known_hosts” -R “hostname or ip” doesn't work?, so the most obvious error here is non-expanding tilde inside double-quotes. I know he did not include the command inside the question itself, nonetheless, please notice the title, for your future endeavors with us. Cheers! – Vlastimil Burián Nov 12 '19 at 17:39
  • @LinuxSecurityFreak the ssh tool itself understands ~ tilde expansion. For example, this works for me to connect to a remote_host - ssh -i '~/.ssh/id_rsa' remote_host id – Chris Davies Nov 19 '19 at 00:06
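The inspection both answers describe, as an added shell example that is not part of the original posts: `classify_known_hosts` labels each line as a host entry, comment, PEM key material or invalid, and `split_known_hosts` takes a backup and separates the misplaced key block from the valid entries. The function names and output file suffixes are hypothetical, and the sample file is constructed with placeholder data, not a real key.

```shell
#!/bin/sh
# Print "LINE<TAB>KIND" for every line; KIND is entry, comment, pem or invalid.
classify_known_hosts() {
    awk '
        /^-----BEGIN / { in_pem = 1 }
        in_pem {
            print NR "\tpem"
            if ($0 ~ /^-----END /) in_pem = 0
            next
        }
        /^[ \t]*#/ || /^[ \t]*$/ { print NR "\tcomment"; next }
        {
            # An optional @cert-authority / @revoked marker shifts the fields by one.
            i = ($1 ~ /^@/) ? 2 : 1
            ok = (NF >= i + 2 && $(i+1) ~ /^(ssh-|ecdsa-|sk-)/ \
                  && $(i+2) ~ "^[A-Za-z0-9+/]+=*$")
            print NR "\t" (ok ? "entry" : "invalid")
        }
    ' "$1"
}

# Back up FILE, then write PEM lines to FILE.misplaced-key and valid entries
# and comments to FILE.clean. New files get mode 600; FILE is not modified.
# Invalid lines are dropped from FILE.clean but remain in FILE.bak.
split_known_hosts() {
    f=$1
    cp -p "$f" "$f.bak" || return 1
    classify_known_hosts "$f" > "$f.kinds" || return 1
    ( umask 077
      awk -F'\t' -v pem="$f.misplaced-key" -v clean="$f.clean" '
          NR == FNR { kind[$1] = $2; next }
          kind[FNR] == "pem" { print > pem; next }
          kind[FNR] != "invalid" { print > clean }
      ' "$f.kinds" "$f" )
    rm -f "$f.kinds"
}

# Constructed sample: a PEM block with a placeholder body, then one host entry.
make_sample() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' \
        '192.168.1.1 ssh-rsa QUFBQWNvbnN0cnVjdGVk' > "$1"
}

# Demo on the sample: lines 1-3 are reported as pem, line 4 as entry.
tmp=$(mktemp -d) && make_sample "$tmp/known_hosts" \
    && classify_known_hosts "$tmp/known_hosts"
rm -rf "$tmp"
```

Review the `.clean` file before moving it into place as `~/.ssh/known_hosts`, and keep the `.bak` copy until `ssh-keygen -R` runs without the "invalid key" error.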