ChromeOS – removing SSH known_hosts from Chromebook

One of the things that is not implemented in the Secure Shell Chrome extension is the ability to remove know_host fingerprints which alert you if the fingerprint for a specific IP address has changed.

However there are times when you upgrade a systems and this need to be done.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
d6:be:12:7e:22:23:c3:e1:56:30:d6:cd:65:b7:ab:42.
Please contact your system administrator.
Add correct host key in /.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /.ssh/known_hosts:7
ECDSA host key for xxxxxxxxxxxxx.yyy.au has changed and you have requested strict checking.
Host key verification failed.
NaCl plugin exited with status code 255.
(R)econnect, (C)hoose another connection, or E(x)it?

Here is how to remove a known host fingerprint (from known_hosts) on a Chromebook.

You can find the index of the offending host entry reported by ssh if the connection fails (see above: “Offending ECDSA key in /.ssh/known_hosts:7”). Then you can open the JavaScript console (CTRL +Shift +J) and type the following into the console.

term_.command.removeKnownHostByIndex(INDEX);
Replace INDEX with the number obviously.

To clear all the known hosts:
term_.command.removeAllKnownHosts();

Author: Leo Gaggl

ict business owner specialising in mobile learning systems. interests: sustainability, internet of things, ict for development, open innovation, agriculture

17 thoughts on “ChromeOS – removing SSH known_hosts from Chromebook”

  1. Hi! I found your site while looking for a way to do what you did (delete an obsolete key). However, I don’t have the “removeKnownHostByIndex or .removeAllKnownHosts() on my ASUS. Do you know of an alternative method? Thanbks in advance!

  2. I was able to just use a rm command in the shell to remove my known_hosts file all together.

    sudo rm /home/chronos/user/.ssh/known_hosts

    worked great for me.

  3. That would mean you are in developer mode. This would not probably work for the average user that only has normal access. But I am not sure on that. Let me know if different.

    Cheers,
    Leo

  4. You really helped me out. Thank you! How the heck should I find out myself without finding this blog? Any source to begin how I should known this (secret??) information???

  5. I am try this, but it is throwing an error:
    term_.command.removeAllKnownHosts();
    VM268:1 Uncaught ReferenceError: term_ is not defined
    at :1:1(anonymous function) @ VM268:1

  6. Nope, doesn’t work even when launching the JS console from within the terminal window. Will keep searching … gotta be a way. Otherwise, re-imaging a VPS will always lock you out on a Chromebook.

  7. Thank you thank you thank you! This worked like a charm for me. I was going batty trying to otherwise edit the .ssh/known_hosts file. As Leo Gaggl said though to Saqib Ali, CTRL + SHIFT + j needs to be done from within the offending ssh tab (apparently) and not from crosh or other tab. (I’m on a 2015 Pixel FWIW)

  8. Still having the problem.

    term_.command.removeAllKnownHosts();
    VM43:1 Uncaught ReferenceError: term_ is not defined
    at :1:1
    (anonymous) @ VM43:1

  9. Leo, thanks for this post. I just reimaged an ubuntu server and i could not log in locally from the chromebook. Your answer in the comment to open the javascript console from the secure shell tab is gold!

    Keep up the good work of information

  10. Thank you. That worked perfectly.

    It’s an obscure thing to have to do but it was easy and effective.

Leave a Reply