Fix SSH "Remote Host Identification has Changed" on Linux

mail
Cyrus Kao
Last modified

If you encounter the error WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! while connecting to your remote machine through SSH, it means the identification key on the server is not the same with last connection. To fix this, simply remove the host's key from ~/.ssh/known_hosts.

Error message example:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:w9g7MituUpR5oFSwKpLwmupwSpyHZDjDDt4gK6+Qjuo.
Please contact your system administrator.
Add correct host key in /home/arch/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/arch/.ssh/known_hosts:14
Host key for localhost has changed and you have requested strict checking.
Host key verification failed
Output

Solution

There are two ways to remove the host's identification keys, either by ssh-keygen or doing it manually.

Follow the steps only if you're certain that the identity changing is caused by you.

Using ssh-keygen (Recommend)

Remove all keys belonging to the hostname from known_hosts:

ssh-keygen -R localhost
Bash

Change localhost to the hostname (e.g. IP address) of your server.

Delete Manually

Remove the line of known_hosts according to your error message, it's /home/arch/.ssh/known_hosts:14 in my case:

known_hosts
~/.ssh/known_hosts in gedit
account_circle
I'm a full stack developer and GNU/Linux enthusiast from Taiwan. BTW, I use Arch.

Comments

0500