Security (SSH, keys, permissions, ...) - noi-techpark/documentation GitHub Wiki

SSH

Create a new known_hosts file

...from a private or public key

  • Get public key from private key: ssh-keygen -yf id_rsa_sftp > my-public-key
  • Or, use the public key directly if it exists, for example my-public-key
  • Create a known_hosts file: touch known_hosts
  • Append a known host as IP or URL, without a trailing newline, because the host name and its key have to be on the same line: printf '%s ' this-is-an-example.com >> known_hosts
  • Append the public key to that same line: cat my-public-key >> known_hosts
  • If your ssh_config has HashKnownHosts yes (Debian and Ubuntu do), re-hash your known_hosts so the plain host names are replaced by hashed entries: ssh-keygen -Hf known_hosts

Change private key's pass phrase

ssh-keygen -pf ~/.ssh/id_dsa

Error: ssh remote host identification has changed

The problem is that you previously accepted an SSH connection to a remote computer, and that computer's host key (shown to you as its SHA256 fingerprint) has changed since you last connected. So when you try to SSH again, you get an error. Why? Because you are using the same remote address as before, but the remote computer is now answering with a different host key. That means it is possible that someone is spoofing the computer you previously connected to. This is a security issue.

If you are 100% sure that the remote computer is not compromised, hacked or being spoofed (for example, its administrator confirmed out of band that the host key was regenerated), then all you need to do is delete the entry for that host in your known_hosts file. That solves the issue, because there will no longer be a mismatch between the stored and the presented SHA256 fingerprint when connecting.

Solution: Delete the corresponding known host's entry.

Run ssh-keygen -R your-remote-host to remove the stale entry, then let the new host key be added by a fresh SSH or SFTP login. Afterwards, remove all other hosts from the resulting known_hosts, copy it to Jenkins as a credential and inject it from a pipeline script. This must be done for each server separately, that is, you need one host file credential per server.
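The two procedures above (building a known_hosts entry from a public key, and reducing a known_hosts file to the single host a Jenkins credential should contain) as one added shell example. This is not code from the wiki or from noi-techpark; the host names, the key comment and the base64 key material are constructed placeholders, and the ssh-keygen calls only run when the tool is installed.

```sh
#!/bin/sh
# Added example: build, filter and verify a known_hosts file for a single server.
# All host names and the key blob are constructed placeholders, not real values.
set -eu

# Constructed sample public key: valid in format, but NOT a real server key.
SAMPLE_KEYTYPE='ssh-ed25519'
SAMPLE_KEYBLOB='AAAAC3NzaC1lZDI1NTE5AAAAIExampleExampleExampleExampleExampleExampleE'
SAMPLE_PUBKEY="$SAMPLE_KEYTYPE $SAMPLE_KEYBLOB sftp@example"

# make_known_hosts_entry HOST PUBKEY_FILE
# Prints the one line a known_hosts entry consists of: "HOST KEYTYPE BASE64".
# Host name and key must share a line; the key file's trailing comment is dropped.
make_known_hosts_entry() {
    awk -v h="$1" 'NR == 1 && NF >= 2 { print h, $1, $2; exit }' "$2"
}

# filter_known_hosts SRC HOST
# Prints only the unhashed entries for HOST from SRC, for a one-host-per-credential file.
# Hashed entries (lines starting with "|1|") cannot be matched this way; use ssh-keygen -F.
filter_known_hosts() {
    awk -v h="$2" '$1 == h && NF >= 3 { print }' "$1"
}

demo() {
    work=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PUBKEY" > "$work/my-public-key"

    # A known_hosts file as it might look after logins to two servers (constructed).
    make_known_hosts_entry this-is-an-example.com "$work/my-public-key" > "$work/known_hosts"
    make_known_hosts_entry other.example.com "$work/my-public-key" >> "$work/known_hosts"

    # One credential per server: keep only the host this Jenkins job talks to.
    single="$work/known_hosts.this-is-an-example.com"
    filter_known_hosts "$work/known_hosts" this-is-an-example.com > "$single"

    if command -v ssh-keygen >/dev/null 2>&1; then
        # -F confirms the entry parses and the host is found (exit status 0).
        ssh-keygen -F this-is-an-example.com -f "$single"
        # Hash it in place, as a HashKnownHosts yes client would store it.
        ssh-keygen -Hf "$single"
        # The hashed file still resolves the host, but no longer lists it in clear text.
        ssh-keygen -F this-is-an-example.com -f "$single"
    fi

    cat "$single"
    rm -rf "$work"
}

demo
```

The filter step is what the "delete other hosts from it" instruction amounts to; do it before hashing, since hashed lines can only be looked up with ssh-keygen -F and not by host name.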