xfreerdp: fix “remote host identification has changed” error

When connecting to multiple Windows PCs using SSH port forwarding, you might see:

The host key for localhost has changed
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

While you must consider the security implications of this option for yourself, you can include the /cert-ignore option in the xfreerdp command to bypass this error message.

Since your SSH connection should already be checked for man-in-the-middle attacks, it seems that unless your Windows PC is already hacked, xfreerdp's own man-in-the-middle check may be somewhat less likely to be needed, but you must make this evaluation yourself.

Example freerdp script

Assume our Windows PC's public IPv4 address is 1.2.3.4, with a Cygwin OpenSSH server running on port 22, port 3389 blocked by the Windows firewall, and the Windows username joe.

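#!/bin/sh
# Forward local port 3389 over SSH to the RDP port on the Windows PC.
ssh -f -p 22 -L 3389:localhost:3389 joe@1.2.3.4 sleep 1
# Connect through the tunnel; /cert-ignore skips the RDP certificate check.
xfreerdp /cert-ignore /u:joe /v:localhost:3389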

Whatever your use case, the /cert-ignore option is what’s important in the xfreerdp command.
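
An alternative that keeps the certificate check when several PCs are tunnelled through localhost, as an added example that is not part of the original post: give each PC its own local forward port so each one gets a separate stored certificate. It assumes xfreerdp remembers accepted certificates per host and port; the inventory names, 192.0.2.x addresses and local ports are constructed.

```shell
#!/bin/sh
# Constructed inventory, one PC per line: name, SSH address, local forward port.
INVENTORY='office 192.0.2.10 13389
lab 192.0.2.20 13390'

# lookup NAME FIELD: print field 2 (SSH address) or 3 (local port); fail if unknown.
lookup() {
    printf '%s\n' "$INVENTORY" | awk -v n="$1" -v f="$2" \
        '$1 == n { print $f; found = 1 } END { exit !found }'
}

# ports_unique: succeed only if no local port is assigned to two PCs, since a
# shared port would bring back the "identification has changed" collision.
ports_unique() {
    dup=$(printf '%s\n' "$INVENTORY" | awk '{ print $3 }' | sort | uniq -d)
    [ -z "$dup" ]
}

# rdp_target NAME: the host:port that xfreerdp sees for this PC.
rdp_target() {
    port=$(lookup "$1" 3) || return 1
    printf 'localhost:%s\n' "$port"
}

# connect NAME USER: open the tunnel, then start xfreerdp without /cert-ignore.
connect() {
    ports_unique || { echo "duplicate local port in inventory" >&2; return 1; }
    host=$(lookup "$1" 2) && port=$(lookup "$1" 3) || return 1
    # sleep 10 keeps the tunnel up long enough for xfreerdp to attach.
    ssh -f -p 22 -L "$port:localhost:3389" "$2@$host" sleep 10 &&
        xfreerdp "/u:$2" "/v:$(rdp_target "$1")"
}
```

Source the file and run `connect office joe`; the first connection to each PC prompts once to accept its certificate, and a later warning for that port then points at a real change on that one PC.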
