2

I installed an Ubuntu server image on VirtualBox. Next I configured port forwarding 2222=>22.

When I use the following command, things work OK:

ssh -p 2222 [email protected]

Password is prompted and I can login into Ubuntu on VBox.

However, when I use:

ssh -p 2222 java@localhost

I get the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
.........
Please contact your system administrator.
Add correct host key in /Users/cristian/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/cristian/.ssh/known_hosts:2
RSA host key for [localhost]:2222 has changed and you have requested strict checking.
Host key verification failed.

Of course

ping localhost
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.038 ms

Any idea why?

Thanks

7
  • Did the host key change? Did the host get re-installed?
    – Skaperen
    Commented Feb 14, 2015 at 13:03
  • No, the only difference is that once I call it with 127.0.0.1 and the second time with localhost
    – Cris
    Commented Feb 14, 2015 at 13:07
  • Some other host must have previously been accessed as localhost
    – Skaperen
    Commented Feb 14, 2015 at 13:10
  • What do you mean?
    – Cris
    Commented Feb 14, 2015 at 13:11
  • ssh does not differentiate hosts by port number ... Is 2222 a tunnel to some other host?
    – Skaperen
    Commented Feb 14, 2015 at 13:12

2 Answers

1

My workaround for local hosts that get re-installed a lot is to configure ssh so that local IPs use /dev/null for the hosts file (dangerous, be careful).

1

Just to restate the problem (to clear up some questions in the comments): The original question states that NAT is used, so both the host running the VM and the VM itself are identified by 127.0.0.1 aka localhost. So from the host, one can log in to the VM using port forwarding (as stated) by mapping host port 2222 to VM port 22. If we have multiple VMs that we launch, all with similar network configuration, it does appear to the ssh client like the target is changing (because it is).

So, on to the original question, to address the issue at hand: rather than configure ssh to use /dev/null for the hosts file (which could be done on a per-host basis in ~/.ssh/config, specifically for localhost), one could simply give the VMs a unique name in the /etc/hosts file, and then refer to them using the hostname, rather than 127.0.0.1 or localhost. Hence, each VM will have its own name in the host's known-hosts file. For example,

$ sudo vim /etc/hosts
...
127.0.0.1   localhost my_real_hostname
127.0.0.1   my_vm1
127.0.0.1   my_vm2
...

The new VMs can be added as necessary (either adding the VMs all on one line, or on separate lines, which might make scripting the adds/deletes a little easier via sed (an exercise left to the reader)).

Then to log in to the VM, use the new hostname, which really just maps to 127.0.0.1 (again, assuming port forwarding is configured in the virtual machine's VirtualBox advanced network settings),

$ ssh -p 2222 vm_user@my_vm2
The authenticity of host '[my_vm2]:2222 ([127.0.0.1]:2222)' can't be established.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[my_vm2]:2222' to the list of known hosts.

And to remove it,

$ ssh-keygen -R '[my_vm2]:2222'
# Host [my_vm2]:2222 found: line 16
/home/user/.ssh/known_hosts updated.
Original contents retained as /home/user/.ssh/known_hosts.old

Note that the same could be done (repeatedly) with the localhost that was causing the original issue,

$ ssh-keygen -R '[localhost]:2222'
# Host [localhost]:2222 found: line 16
/home/user/.ssh/known_hosts updated.
Original contents retained as /home/user/.ssh/known_hosts.old
2
  • In my case, running ssh-keygen -R '[localhost]:2222' allowed me to SSH when there are multiple local VMs, and there was no need to edit /etc/hosts
    – phoxd
    Commented Mar 22, 2022 at 17:31
  • 1
    Yes, if I wasn't clear, that's what I meant by my last example; this is an alternative to updating the hosts file (but it means continuously updating the known_hosts, not necessarily better or worse, just different, pros and cons)
    – michael
    Commented Mar 24, 2022 at 6:58
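
Added example (not part of the question or either answer): a small Python model of how the ssh client picks the known_hosts entry for a name and port, showing why `127.0.0.1`, `localhost` and an `/etc/hosts` alias on port 2222 are three separate entries. The sample file is constructed, the key fields are placeholders rather than real key blobs, and wildcard patterns, marker lines and IP-address checks are left out as a simplification.

```python
import base64, hashlib, hmac

def lookup_name(host, port=22):
    # ssh stores a bare host name for port 22 and "[host]:port" otherwise.
    return host if port == 22 else f"[{host}]:{port}"

def hash_name(name, salt):
    # Hashed form (HashKnownHosts / ssh-keygen -H):
    #   |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def name_matches(field, name):
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hash_name(name, salt))
    # Plain field: comma-separated names; wildcard and "!" patterns not handled.
    return name in field.split(",")

def check_host_key(known_hosts, host, port, keytype, key):
    """Return (status, line numbers of same-type entries for this name).

    status is "ok", "changed" (entries exist, none equals the presented
    key) or "unknown" (no entry, so ssh would ask to add one).
    """
    name, lines, ok = lookup_name(host, port), [], False
    for n, line in enumerate(known_hosts.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if name_matches(parts[0], name) and parts[1] == keytype:
            lines.append(n)
            ok = ok or parts[2] == key
    return ("ok" if ok else "changed" if lines else "unknown"), lines

# Constructed sample: line 2 is a stale entry left by an earlier VM.
KNOWN_HOSTS = "\n".join([
    "[127.0.0.1]:2222 ssh-rsa KEY_OF_CURRENT_VM",
    "[localhost]:2222 ssh-rsa KEY_OF_EARLIER_VM",
    hash_name("[my_vm2]:2222", b"constructed-salt-20b") + " ssh-rsa KEY_OF_CURRENT_VM",
])

if __name__ == "__main__":
    for host in ("127.0.0.1", "localhost", "my_vm2", "my_vm1"):
        print(host, check_host_key(KNOWN_HOSTS, host, 2222,
                                   "ssh-rsa", "KEY_OF_CURRENT_VM"))
```

The `changed` result for `localhost` corresponds to the "Offending RSA key in ...known_hosts:2" line in the question; removing that one entry with `ssh-keygen -R '[localhost]:2222'` turns it into `unknown`, so the next connection prompts to record the current key.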
