Home Secure Shell (SSH) How To Fix ECDSA host key Warning Error In Linux

How To Fix ECDSA host key Warning Error In Linux

By sk
Published: Updated: 14.8K views

I have been using Oracle Virtualbox for years to deploy many virtual machines for testing and learning purposes. The other day I tried to connect to one of my remote server that runs with Arch Linux via SSH using command:

$ ssh sk@192.168.1.102

Here, sk is my remote Arch Linux server's username, and 192.168.1.102 is the Arch Linux IP address.

After running the above command, I got the following warning message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:UX/eJ3HZT9q6lzAN8mxf+KKAo2wmCVWblzXwY8qxqZY.
Please contact your system administrator.
Add correct host key in /home/sk/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/sk/.ssh/known_hosts:4
ECDSA host key for 192.168.1.102 has changed and you have requested strict checking.
Host key verification failed.
"ECDSA host key" Warning Error

ECDSA host key has changed and you have requested strict checking. Host key verification failed.

I can't SSH to the Arch Linux system. I tried to login with alternative username, but I got the same result as shown above.

This is actually not an error message. It is just a security notification that indicates the ECDSA host key for the given remote system has changed since you last connected. As you might already know, when we access a remote system for the first time from a local system via SSH, a fingerprint for the ECDSA key sent by that remote host is cached and stored in $HOME/.ssh/known_hosts file in our local system.

When the identity (fingerprint) has changed after you reinstalled the remote system or assigned a same IP address for multiple remote systems, the above warning message shows up.

Fix ECDSA host key Warning Error In Linux

To work around this issue, first we need to update the cached ECDSA host key of your remote system in your local system's known_hosts file. As you might know, usually, the host keys will be stored in the /home/yourusername/.ssh/known_hosts file.

To remove the cached key, use the following command:

$ ssh-keygen -R <remote-system-ip-address>

In our case, the remote system's IP is 192.168.1.102, so let us use the following command to remove the host key from the "known_hosts" file.

$ ssh-keygen -R 192.168.1.102

Sample output:

# Host 192.168.1.102 found: line 4
/home/sk/.ssh/known_hosts updated.
Original contents retained as /home/sk/.ssh/known_hosts.old

Done!

Now, try again to ssh to the remote system with command:

$ ssh sk@192.168.1.102

Type 'Yes' and hit ENTER to update the host key of your remote system in your local system's known_hosts file.

The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established.
ECDSA key fingerprint is SHA256:UX/eJ3HZT9q6lzAN8mxf+KKAo2wmCVWblzXwY8qxqZY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.102' (ECDSA) to the list of known hosts.
sk@192.168.1.102's password: 
Last login: Thu May 19 18:01:24 2016
[sk@server ~]$
Fix "ECDSA host key" Warning Error In Arch Linux

Add ECDSA key fingerprint to the list of known hosts

That's it. Now, you will be able to ssh to your remote Arch Linux system without any problem. This method will work not only on Arch Linux, but also on other Linux distributions as well.

You May Also Like

8 comments

Jenn Stevens December 18, 2016 - 12:45 pm

Thank You!

Reply
Mike March 19, 2017 - 10:28 am

after typing yes, I recieved this:
Warning: Permanently added ‘192.168.1.26’ (ECDSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).

Reply
SK March 19, 2017 - 1:25 pm

I am not sure why received this error. This trick worked for me. Look at this thread. Someone has given the work around to fix this issue. http://stackoverflow.com/questions/1556056/permission-denied-publickey-keyboard-interactive

Reply
El Leo November 7, 2018 - 5:25 pm

That’s not an error, just a warning saying that now the known_hosts file was updated with the new info for that host

Reply
sk November 7, 2018 - 7:51 pm

Yeah, you’re right.

Reply
abdelfettah May 6, 2019 - 11:54 pm

thanks , you solve my life .

Reply
sagar June 15, 2019 - 12:45 pm

how to avoid this warning to be printed?

Reply
prathap reddy September 24, 2019 - 5:20 pm

That’s good it is working ,thanks a lot for your great effort

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More