Fix SSH "Remote Host Identification has Changed" on Linux

Cyrus Kao15 Feb 2022

Last modified on 15 Feb 2022 at 06:08:23

If you encounter the error WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! while connecting to your remote machine through SSH, it means the identification key on the server is not the same with last connection. To fix this, simply remove the host's key from ~/.ssh/known_hosts.

Error message example:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:w9g7MituUpR5oFSwKpLwmupwSpyHZDjDDt4gK6+Qjuo.
Please contact your system administrator.
Add correct host key in /home/arch/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/arch/.ssh/known_hosts:14
Host key for localhost has changed and you have requested strict checking.
Host key verification failed
Output

Solution

There are two ways to remove the host's identification keys, either by ssh-keygen or doing it manually.

Follow the steps only if you're certain that the identity changing is caused by you.

Using `ssh-keygen` (Recommend)

Remove all keys belonging to the hostname from known_hosts:

ssh-keygen -R localhost
Bash

Change localhost to the hostname (e.g. IP address) of your server.

Delete Manually

Remove the line of known_hosts according to your error message, it's /home/arch/.ssh/known_hosts:14 in my case:

Comments

0500

Disable Automatic Update/Upgrade on Debian/Ubuntu through SSH or Desktop

To turn off automatic system upgrade and package lists update on your Debian/Ubuntu based Linux distros is quite easy. And we'll be covering editing apt configuration through both CLI (Command-Line Interface) and GUI (Graphical User Interface) so it can be done by ssh or desktop.

SSH Ubuntu Debian APT Linux

Fix Permissions for Private Key are Too Open with SSH

Default file permissions on Linux is 777, which means everyone can read, write and execute the file. It's fine for most of the scenario, but it's another story when comes to SSH private key. If you try to establish a SSH connection with a too open private key, WARNING: UNPROTECTED PRIVATE KEY FILE! will be shown.

SSH File Permissions Private Key Linux

Two Ways to Install Packages from AUR on Arch Linux/Manjaro

In this guide we'll take Google Chrome (google-chrome) for example, showing you two ways to install packages from AUR. Including using the default package manager pacman and an easier approach with the AUR helper yay.

Yay Pacman Package Manager Manjaro Arch Linux Linux

Configure PPPoE DSL Connection on Arch Linux/Manjaro with pppoe-setup

Just like pppoeconf from Debian/Ubuntu, Arch Linux/Manjaro has its own preferred ways to configure PPPoE connection. This guide is refer to Direct modem connection on ArchWiki. We'll be using pppoe-setup from package rp-pppoe to set up the connection, and configure to dial-up at system startup.

PPPoE DSL ISP Manjaro Arch Linux Linux

Solution

Using ssh-keygen (Recommend)

Delete Manually

Comments

Using `ssh-keygen` (Recommend)