Home Linux troubleshooting Fix “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED” Error In Linux

Fix “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED” Error In Linux

By sk
Published: Updated: 6.9K views

Today, I tried to SSH into my remote Ubuntu 20.04 LTS server and encountered with this message - WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!.

$ ssh ostechnix@192.168.225.52

Sample output:

@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:K/jEKNQCYYOilJxOZc7qAWlu4xu0nW+MD09DfJL7+gc.
Please contact your system administrator.
Add correct host key in /home/sk/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/sk/.ssh/known_hosts:11
  remove with:
  ssh-keygen -f "/home/sk/.ssh/known_hosts" -R "192.168.225.52"
ECDSA host key for 192.168.225.52 has changed and you have requested strict checking.
Host key verification failed.
WARNING REMOTE HOST IDENTIFICATION HAS CHANGED

Error - WARNING REMOTE HOST IDENTIFICATION HAS CHANGED

This is actually not an error message. It is just a security notification that indicates the ECDSA host key for the given remote system has changed since you last connected. As you might already know, when we access a remote system for the first time from a local system via SSH, a fingerprint for the ECDSA key sent by that remote host is cached and stored in $HOME/.ssh/known_hosts file in our local system.

When the identity (fingerprint) has changed after you reinstalled the remote system or assigned a same IP address for multiple remote systems, the above warning message shows up.

Fix "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" error in Linux

To fix this issue, simply remove the cached key for the IP address on the local system using command:

$ ssh-keygen -R 192.168.225.52

Sample output:

# Host 192.168.225.52 found: line 11
/home/sk/.ssh/known_hosts updated.
Original contents retained as /home/sk/.ssh/known_hosts.old
Fix "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" Error In Linux

Fix "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" Error In Linux

You can also explicitly specify the path of the known_hosts file with -f flag like below.

$ ssh-keygen -f "/home/sk/.ssh/known_hosts" -R "192.168.225.52"

The above command will delete all keys belonging to remote host from the known_hosts file of the local system. And also the old contents of the known_hosts file will be retained in a file named "known_hosts.old".

If you use different SSH port, you need to explicitly mention it like below:

$ ssh-keygen -R 192.168.225.52:1234

Here, 1234 is the SSH port number. Replace it with your actual SSH port number.

After removing the keys, try again to SSH into the remote system using command:

$ ssh ostechnix@192.168.225.52

Type "yes" and hit ENTER to add the remote host key in your local system:

The authenticity of host '192.168.225.52 (192.168.225.52)' can't be established.
ECDSA key fingerprint is SHA256:K/jEKNQCYYOilJxOZc7qAWlu4xu0nW+MD09DfJL7+gc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.225.52' (ECDSA) to the list of known hosts.
ostechnix@192.168.225.52's password:

Now you can able to access the remote system via SSH.

You May Also Like

1 comment

TGC September 6, 2020 - 10:22 pm

Perfect solution!!!
Thanks a lot!!!

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More