Ubuntu: “Remote host identification has changed” warning when connecting over SSH


I got this message today when trying to log into my server. What should I do? What's going on?

    $ ssh
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    3d:1b:02:9e:b2:b8:f0:f7:c6:4f:94:96:f6:e3:c0:d1.
    Please contact your system administrator.
    Add correct host key in /root/.ssh/known_hosts to get rid of this message.
    Offending key in /root/.ssh/known_hosts:8
    RSA host key for has changed and you have requested strict checking.
    Host key verification failed.


Did you recently reinstall the OS on your server or anything like that? That would cause this.

To fix this: http://www.cyberciti.biz/faq/warning-remote-host-identification-has-changed-error-and-solution/


From what I can tell, all these answers are about suppressing the warning, instead of dealing with it. In short, the warning is telling you that the server doesn't look like it used to look; see https://en.wikipedia.org/wiki/Man_in_the_middle_attack for why this may be a danger.

Read man ssh, especially this section:


When connecting to a server for the first time, a fingerprint of the server's public key is presented to the user (unless the option StrictHostKeyChecking has been disabled). Fingerprints can be determined using ssh-keygen(1):

   $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key  

To be on the safe side, you (or someone you trust) should have run this command first on the server you are connecting to. It will give you a fingerprint looking sort of like the one given in the warning in the question. Of course, often you don't have this info, but if you have reason to suspect something is up, running that command is the way to check if the server signature has really changed, or if there may be something suspicious going on.


I faced the same problem, and if you do not wish to delete the entire known_hosts file, you can execute the following command:

ssh-keygen -R

There is no problem with deleting the known_hosts. You will only have to add each server you connect to, to the list each time you connect to them. Might screw up your scripts too, because the hosts are not yet trusted. The alert occurs when the signature of the host changes (the computer you are trying to connect to generated new keys, usually because of a re-install or key rotation).


If you believe that warning is a false positive, you can delete your /root/.ssh/known_hosts to start a new verification.


If you've recently reinstalled the server, or otherwise changed the host key, it's probably safe to remove line 8 from your ~/.ssh/known_hosts file and re-add the server (by ssh'ing to it, and answering "yes" when it asks for key verification)


As your server is on a local network, you can be quite confident.

If you reinstalled your system, this is normal, but instead of removing your known_hosts file, I'd recommend doing echo "" > ~/.ssh/known_hosts


ssh -q does this trick also.


Copy this line, but put in the username and hostname/IP for user and remote-server:

ssh-keygen -f "/home/user/.ssh/known_hosts" -R remote-server

For example:

ssh-keygen -f "/home/dev1/.ssh/known_hosts" -R  

And paste it on your local terminal and run it. This worked for me.
