When connecting to an SSH server, the client may print the following warning and refuse to continue:
$ ssh sysadm@192.168.158.129
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xxxxxxxxxxxxxxxxx
Please contact your system administrator.
Add correct host key in /Users/sysadm/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/sysadm/.ssh/known_hosts:20
RSA host key for 192.168.158.129 has changed and you have requested strict checking.
Host key verification failed.
The warning appears when the SSH client finds that the host key presented by the server does not match the key stored in your local known_hosts file for that hostname or IP address. The client remembers the full public key of every host you have accepted before; on each new connection it compares the key the server presents against that record, and a mismatch of the same key type aborts the connection.
The most common reasons for this are:
- The SSH host key has actually changed (the OS was reinstalled, the OpenSSH host keys were regenerated, etc.);
- You are connecting to a different host that has been given the IP address or hostname of the previous one;
- Someone is intercepting the connection (a man-in-the-middle attack) and presenting their own host key.
First, make sure you are really connecting to your own server and not to a different (possibly malicious) host: this warning can be the only visible sign of a man-in-the-middle attack, so do not simply delete the entry and accept whatever key is offered. If the server is a VPS/VDS or virtual machine, log in on its console (not over SSH) and print the fingerprint of its host key. Compare the key of the same type the warning names (RSA in the example above, i.e. /etc/ssh/ssh_host_rsa_key.pub); the command below shows the ECDSA key:
$ ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub
Compare this with the fingerprint printed in the warning itself, or connect again with verbose output and look for the "debug1: Server host key:" line (if one side shows an old-style colon-separated MD5 fingerprint, add -E md5 to ssh-keygen so both sides use the same hash):
$ ssh sysadm@192.168.158.129 -v
In our example the fingerprints match, so the key really was changed on the server itself rather than swapped by an attacker, and it is safe to update known_hosts.
To get rid of the warning, remove the old host key entry for the target host from the known_hosts file. The simplest way is ssh-keygen, which removes every entry for the given name or address, including hashed entries (HashKnownHosts yes) that you cannot find by reading the file. Pass exactly the name or IP address you use to connect, because that is what the entry was stored under:
$ ssh-keygen -R 192.168.158.129
The known_hosts file is located at:
- Linux and macOS: ~/.ssh/known_hosts (on macOS this is /Users/<username>/.ssh/known_hosts, as in the warning above)
- Windows: C:\Users\%username%\.ssh\known_hosts
You can also edit the file manually and delete the line holding the old host key. Each line consists of the host (or a hashed form of it), the key type and the full public key; the file stores keys, not fingerprints, so you will not find the fingerprint from the warning in it:
$ vi $HOME/.ssh/known_hosts
Another option is to delete the line by its number, which the warning gives after the file name.
For example:
Offending RSA key in /Users/sysadm/.ssh/known_hosts:20
Remove line 20 from the file (this is GNU sed syntax; on macOS and other BSD systems the in-place flag needs an explicit empty suffix, sed -i '' '20d'):
$ sed -i '20d' $HOME/.ssh/known_hosts
Now reconnect to the remote host. The client will show the fingerprint of the new key and ask whether to add it to known_hosts. Check it against the fingerprint you obtained from the console before answering yes (you can also paste the fingerprint instead of yes; the client then only continues if it matches):
Are you sure you want to continue connecting (yes/no/[fingerprint]):yes
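As an added illustration, not code from the original article, the following Python re-implements offline the checks behind the procedure above: how the client matches a host against known_hosts (plain and hashed entries), how the SHA256 fingerprint printed by ssh-keygen -l and by the warning is derived from the key, and what ssh-keygen -R removes. The keys, hostname and salt are constructed sample values, not real host keys, and the function names are this example's own.

```python
"""Added example: what the OpenSSH client does with known_hosts, re-implemented
offline so the warning and the fixes above can be followed without a server.
The real tools are `ssh-keygen -lf` (fingerprint) and `ssh-keygen -R` (remove)."""
import base64
import hashlib
import hmac


def ssh_string(data: bytes) -> bytes:
    """One SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def ed25519_blob(raw_pubkey: bytes) -> bytes:
    """Build an ssh-ed25519 public key blob (the base64 part of a key line)."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint exactly as ssh and ssh-keygen print it:
    unpadded base64 of the SHA-256 digest of the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_hostname(host: str, salt: bytes) -> str:
    """Host field written when HashKnownHosts is on: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_matches(field: str, host: str) -> bool:
    """Does a known_hosts host field cover `host`? Handles the plain comma-separated
    form ("name,1.2.3.4") and the hashed form. Wildcards and [host]:port are not handled."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(base64.b64encode(mac).decode(), mac_b64)
    return host in field.split(",")


def lookup(known_hosts: str, host: str) -> list:
    """Every entry for `host` as (line_number, key_type, key_blob); line numbers are
    1-based like the 'known_hosts:20' in the warning. @cert-authority/@revoked lines are skipped."""
    found = []
    for n, line in enumerate(known_hosts.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if host_matches(parts[0], host):
            found.append((n, parts[1], base64.b64decode(parts[2])))
    return found


def check_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """Mimic the client's decision: 'new' (no entry of this type -> prompt to add),
    'ok' (stored key matches) or 'CHANGED' (same type, different key -> the warning)."""
    same_type = [e for e in lookup(known_hosts, host) if e[1] == key_type]
    if not same_type:
        return "new"
    if any(e[2] == blob for e in same_type):
        return "ok"
    return "CHANGED"


def remove_host(known_hosts: str, host: str) -> str:
    """What `ssh-keygen -R host` does: drop every line whose host field matches,
    hashed or not, and leave every other line untouched."""
    kept = []
    for line in known_hosts.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith(("#", "@")) and host_matches(parts[0], host):
            continue
        kept.append(line)
    return "".join(l + "\n" for l in kept)


# --- constructed sample data (not real keys) ---------------------------------
HOST = "192.168.158.129"
OLD_KEY = ed25519_blob(bytes(range(32)))        # key the server used before the reinstall
NEW_KEY = ed25519_blob(bytes(range(32, 64)))    # key it presents now
SALT = bytes(20)  # fixed so the hashed line is reproducible; real salts are random

KNOWN_HOSTS = (
    "server.example.org ssh-ed25519 " + base64.b64encode(ed25519_blob(bytes(32))).decode() + "\n"
    + HOST + " ssh-ed25519 " + base64.b64encode(OLD_KEY).decode() + "\n"
    + hash_hostname(HOST, SALT) + " ssh-ed25519 " + base64.b64encode(OLD_KEY).decode() + "\n"
)

if __name__ == "__main__":
    print(check_host_key(KNOWN_HOSTS, HOST, "ssh-ed25519", OLD_KEY))   # ok
    print(check_host_key(KNOWN_HOSTS, HOST, "ssh-ed25519", NEW_KEY))   # CHANGED -> the warning
    for n, _, blob in lookup(KNOWN_HOSTS, HOST):
        print("Offending key in known_hosts:%d  stored %s" % (n, fingerprint(blob)))
    print("server now presents", fingerprint(NEW_KEY))  # compare with the console value
    cleaned = remove_host(KNOWN_HOSTS, HOST)            # ssh-keygen -R 192.168.158.129
    print(check_host_key(cleaned, HOST, "ssh-ed25519", NEW_KEY))       # new -> yes/no prompt
```

The point of the hashed entry on the third sample line is that no text editor or sed search will reveal which line belongs to 192.168.158.129; only recomputing the HMAC with each line's salt (which is what ssh-keygen -R does) finds it. The fingerprint() output for the new key is the string you compare against ssh-keygen -l on the server console before typing yes.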
In March 2023 many GitHub users saw this "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" message when pushing or pulling over SSH. On 24 March 2023 GitHub replaced its RSA SSH host key, which secures Git operations for GitHub.com, because the private key had been briefly exposed in a public GitHub repository. Only the RSA key was rotated; the ECDSA and Ed25519 host keys were unchanged, so clients that had stored one of those were not affected.
To clear the warning you had to remove the old GitHub entry from known_hosts, then reconnect and check the new key's fingerprint against the fingerprints GitHub publishes in its documentation before accepting it:
$ ssh-keygen -R github.com