Remote Host Identification Has Changed warning in SSH
I can't SSH into my Linode and I keep getting this message. How do I fix this?
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:g38Q4Xc1UI4WcClY+GaohmhZSOHbgLo6+eYBFr0Iu6U.
Please contact your system administrator.
Add correct host key in /Users/me/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/me/.ssh/known_hosts:10
RSA host key for rita.cecs.pdx.edu has changed and you have requested strict checking.
Host key verification failed.
1 Reply
When you connect to a server via SSH, it gets a fingerprint for the ECDSA key, which it then saves to your home directory under ~/.ssh/known_hosts. This is done after first connecting to the server, and will prompt you with a message like this:
$ ssh root@10.10.10.10
The authenticity of host ' (10.10.10.10)' can't be established.
ECDSA key fingerprint is SHA256:hotsxb/qVi1/ycUU2wXF6mfGH++Yk7WYZv0r+tIhg4I.
Are you sure you want to continue connecting (yes/no)?
If you enter 'yes', then the fingerprint is saved to the known_hosts file, which SSH then consults every time you connect to that server.
The error message is an indication that your ssh key has changed since you last connected to the server. This can happen when you rebuild your Linode or reinstall the OS. You're using the same remote computer address as before but the remote computer is responding with a different fingerprint. Therefore, it's possible that someone is spoofing the computer you previously connected to.
If you're 100% sure that the remote computer isn't compromised, hacked or being spoofed, then there are two ways to resolve this.
Manually Resolve via known_hosts
All you need to do is delete the entry in your known_hosts file for the remote computer. That will solve the issue as there will no longer be a mismatch with SHA256 fingerprint IDs when connecting.
Just edit ~/.ssh/known_hosts and delete line 15, as the message pointed you to:
Offending ECDSA key in /Users/fintan/.ssh/known_hosts:15
Resolve Using ssh-keygen
Or use ssh-keygen to delete the invalid key:
ssh-keygen -R "your server hostname or ip"
For example:
ssh-keygen -R 10.10.10.10
This is done on your local machine if you have a Mac or Linux. If you have Windows, follow this guide here.
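The "100% sure" condition in the reply above can be checked before anything is deleted. The following is an added example, not part of the original reply: it computes fingerprints the way the warning prints them, finds the stored entries for a host (including hashed ones), and only reports stale lines when the fingerprint from the warning matches one obtained separately, for instance by running `ssh-keygen -lf` on the host public key from a console session on the server. The function names, the sample keys and the sample known_hosts text are constructed for the illustration.

```python
import base64, hashlib, hmac, struct

def fingerprint(b64_blob):
    """Fingerprint as ssh prints it: base64(SHA-256(key blob)) without '=' padding."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """First known_hosts field: plain comma-separated names, or hashed |1|salt|mac.
    Wildcard and negated patterns are not handled here."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def stored_keys(known_hosts_text, host):
    """(line number, key type, fingerprint) of each entry recorded for host.
    Comment lines and marker lines such as @revoked are skipped."""
    found = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if len(parts) >= 3 and parts[0][0] not in "#@" and host_matches(parts[0], host):
            found.append((n, parts[1], fingerprint(parts[2])))
    return found

def check_changed_key(known_hosts_text, host, warned_fp, trusted_fp):
    """warned_fp: fingerprint from the warning. trusted_fp: fingerprint obtained
    over a channel other than the SSH connection that raised the warning."""
    if not hmac.compare_digest(warned_fp, trusted_fp):
        return ("do-not-connect", [])
    stale = [n for n, _, fp in stored_keys(known_hosts_text, host) if fp != trusted_fp]
    return ("remove-stale-lines", stale)

def sample_blob(seed):
    """Constructed ssh-ed25519 key blob for the demo, not a real host key."""
    name = b"ssh-ed25519"
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

# Constructed sample data: line 2 is a hashed entry for 10.10.10.10 holding the old key.
OLD, NEW, SALT = sample_blob(1), sample_blob(2), b"constructed-salt-20b"
MAC = hmac.new(SALT, b"10.10.10.10", hashlib.sha1).digest()
SAMPLE = (f"example.test ssh-ed25519 {NEW}\n"
          f"|1|{base64.b64encode(SALT).decode()}|{base64.b64encode(MAC).decode()} ssh-ed25519 {OLD}\n")

if __name__ == "__main__":
    print(check_changed_key(SAMPLE, "10.10.10.10", fingerprint(NEW), fingerprint(NEW)))
```

A "do-not-connect" result means the key offered on the network is not the one the server itself reports, so the known_hosts entry should stay in place.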