Host key verification fails when trying to ssh to local (connected via wireguard) instance

Questions / Help
1

After connecting to my fly network via wireguard I am trying to ssh into one of my local app instances (well, scp, to retrieve a file from the local volume to see its content), but the ssh command (scp) fails routinely with the following error:

scp -r root@{my_app_name}.internal:/path/to/file .
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
Host key for {my_app_name}.internal has changed and you have requested strict checking.
Host key verification failed.

How do I resolve this and how do I make sure I don’t have to consistently deal with this?

2

I can get this to work by editing my local ~/.ssh/known_hosts file and removing the entry for {my_app_name}.internal, but do I have to just routinely do that or is there something I’m missing that would prevent this from happening?

3

Host key checking won’t work for Fly VMs because <app>.internal changes all the time. Your best bet is to disable it, I think you can do it per command with scp like this:

scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null

You may be able to put this in your ~/.ssh/config to turn it off for all Fly apps:

Host *.internal
    StrictHostKeyChecking no
1 Like