ssh remote host identification has changed

Question

I've reinstalled my server and I am getting these messages:

[user@hostname ~]$ ssh root@pong
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
6e:45:f9:a8:af:38:3d:a1:a5:c7:76:1d:02:f8:77:00.
Please contact your system administrator.
Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for pong has changed and you have requested strict checking.
Host key verification failed.

I have tried various solutions that I found on the Internet. My known_hosts file (normally in ~/.ssh/known_hosts) is in /var/lib/sss/pubconf/known_hosts. I've tried to edit it, but it remains in one state. I have installed ipa-client and have Fedora 19. How do I resolve this warning?

All the answers answered so far work only if you do not have Freeipa installed.

The right answer for freeipa in comments below from adrin is here.

just found out hard way that this problem can also happen if you have ip address conflict nslookup your ip to debug this issue more — sharrajesh, Apr 04 '15 at 23:03
There is a deadlock here. This one is marked duplicate so no one can add answer and the one it links is marked off topic so no can add answer there as well. If you delete the known_hosts, it will fix the issue as well. — zar, Nov 02 '15 at 20:57
I had the same problem. For the sake of mine and others, here's the question and my answer to it: http://superuser.com/questions/1071204/ssh-failiur-offending-rsa-key-in-var-lib-sss-pubconf-known-hosts — adrin, Apr 29 '16 at 09:28
As someone looking to verify their key first I found this answer useful. http://askubuntu.com/a/83499/620623 — Declan McKenna, Dec 22 '16 at 11:30
As sharrajesh mentions: check your DNS entries (in FreeIPA for me) and see you don't have multiple A entries with IPs that are not reachable from the network. — th3penguinwhisperer, Dec 26 '17 at 12:47
This situation happens while your server's certified key is different from the keys you have saved. Firstly,you should check if server's fingerprint (eg:`SHA256:6e:45:f9:a8:af:38:3d:a1:a5:c7:76:1d:02:f8:77:00`) is same as your target machine's fingerprint. If not, you are being **man-in-the-middle attack** Don't just remove keys from know_hosts!!!!!!!!!! — VictorV, Sep 05 '18 at 10:27
`ssh-keygen -f "/root/.ssh/known_hosts" -R 192.162.1.1` or `ssh-keygen -R 192.162.1.1` — Jinna Balu, Aug 16 '19 at 05:33
Filip, would you consider marking one of the answers provided as accepted one? :) — Muhamed Huseinbašić, Nov 12 '19 at 18:53
@Muhamed unfortunately any of the answers answered so far would not work for me as the sssd would refetch the original key from the free IPA again. The only working answer came from adrin in form of comment with link to superuser.com. (the link is now included in my question at the very end. — Filip Dobrovolný, Nov 21 '19 at 09:32
You may have used this same ip address on another client. A quick fix is to just change your clients address to a new address and try again. — Josh, Apr 22 '21 at 19:52
See also: https://www.digitalocean.com/community/questions/warning-remote-host-identification-has-changed — Gabriel Staples, Dec 01 '21 at 19:36
It seems that GitHub updated its RSA SSH host key for security reasons. If anyone is experiencing the same issue try to run ssh-keygen -R github.com command. — Himanshu Singhal, Mar 24 '23 at 06:11
If you're ending up on this question in March 2023, it's likely because GitHub just updated their RSA key. Details on what to do here: github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key — Yogesh Yadav, Mar 24 '23 at 11:14
LATEST UPDATE : https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ — Vipertecpro, Mar 24 '23 at 14:00
To resolve this issue, you can open the known_hosts file using the Nano text editor with the command nano ~/.ssh/known_hosts, then search for all instances of github.com and remove them. Once you've removed the outdated fingerprints, save the file and try to connect to GitHub again. The next time you attempt to connect, you should be prompted to add new fingerprints to your known_hosts file. Confirm that you want to add the new fingerprints by typing "yes" and pressing enter, and you should be good to go! — Yuvrajsinh Jhala, Mar 30 '23 at 03:01
Thank you @Leonardo. Question is closed so nobody can come back to add updated answers... — Jack, Apr 01 '23 at 19:51
Thank you @YuvrajsinhJhala. With your helpful note, after removing all the entries using `ssh-keygen -R github.com`, I restarted my SourceTree app, and "pushing" is working now (I didn't add any new lines manually or use a bash command). Also, I updated the SourceTree app before pushing for the first time. — arielhasidim, Apr 03 '23 at 10:35
Started getting this for bitbucket too... `ssh-keygen -R bitbucket.org` fixed it — gtiwari333, Jun 20 '23 at 17:50

score 1759 · Answer 1 · edited Sep 28 '22 at 09:15

1759

Here is the simplest solution:

ssh-keygen -R <host>

For example,

ssh-keygen -R 192.168.3.10

From the ssh-keygen man page:

-R hostname Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts (see the -H option above).

edited Sep 28 '22 at 09:15

Matthias Braun

32,039
22
142
171

answered Apr 18 '14 at 08:35

Kashif Nazar

20,775
5
29
46

I am on Windows and this solution, nor does removing key, work, what else can I try? – jaycode Apr 06 '15 at 18:32
10

Alright, turns out on Windows I need to use terminal from git bash for this (or any MingW32 terminal). Tricky. – jaycode Apr 06 '15 at 18:34
53

keep in mind that if you connected via a specific port, you might have to remove with syntax like `ssh-keygen -R [127.0.0.1]:3022`. Just check your .ssh/known_hosts file for what it explicitly says. – Adam Johns May 10 '15 at 17:48
@KashifNazar But I'm removing `known host` file and re-adding while connection establishes. It is working, although after few time it is again getting changed to something else resulting in the same issue. Any help ! – diffracteD Sep 29 '15 at 13:07
⁺¹ of course, but is there a way to not do it? E.g. I'm often rewriting a system of embedded device, to which I need to connect to, and it's quite annoying to rerun the command every time. – Hi-Angel Jul 07 '16 at 11:21
11

When I try this I get the error " not found in ~/.ssh/known_hosts" – Nodeocrat Aug 15 '17 at 09:04
@KashifNazar I am facing the same problem. I tried your solution, but ssh gives the following error: `ssh: connect to host embs port 22: Connection refused`, even when I'm specifying the port as `-p 422`. I checked the file `/var/root/.ssh/known_hosts` after running the command you suggested; it merely deleted the contents of the file, it did not put a new sha-key for the host. How do I fix this? I tried specifying the port in your command, like `ssh-keygen -R [203.186.120.44]:422`, but that didn't fix the issue either. – Kristada673 Jan 09 '18 at 02:51
13

`` should be used with the exact value from the error message, in single quotes for shell-escaping. e.g.: `... host key for [example.com]:3422 has changed ...` becomes `ssh-keygen -R '[example.com]:3422'` – Samuel Kirschner Jul 24 '18 at 12:18
Edit the host file `Removes all keys belonging to hostname from a known_hosts file.` – Bira Jan 22 '19 at 03:15
This does nothing to fix the OP's problem: the *managed* file by sssd in '/var/lib/sss/pubconf/known_hosts' - it will instantly be recreated with the wrong key the second they try to ssh again. – Mercury00 Mar 12 '19 at 22:28
1

It may also be helpful to add quotes around the address, for example: `ssh-keygen -R "[127.0.0.1]:3022"` – Dilworth Mar 28 '19 at 22:07
On Windows, just edit the `known_hosts` file that is mentioned in the git error and DELETE the line with the old IP. On the next connection to git server, it will ask you to confirm the new IP and all will be well again. – userfuser Jun 24 '20 at 09:08
For people getting not found error this might be happening because: There are usually several known_hosts file for each "user", meaning you might need to run the command as $root: ssh-keygen -R , or $my-user: ssh-keygen -R . – R.K Sep 01 '21 at 12:07
In case you're using `zsh` and getting `no matches found` you need to wrap hostname with double quotes, so `"[hostname]"` - found it here https://apple.stackexchange.com/questions/411595/ssh-keygen-r-saying-wrongly-no-matches-found – Jared Jan 05 '22 at 14:21
Now when I tried to pull I am getting the same error after this command – Qazi Ammar Nov 24 '22 at 07:36
1

GitHub recently updated theirs RSA SSH Host Key https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ – Bernardo do Amaral Teodosio Mar 24 '23 at 16:40
How do I know what `` is? – HelloGoodbye Mar 24 '23 at 23:55
@HelloGoodbye Just to answer this since I same issue: I found it by physically opening the `~/.ssh/known_hosts`. The IP is probably displayed there. But you could just `cat ~/.ssh/known_hosts`. Opening it as I did defeats the purpose of the command, since U might as well just delete it manually if you've had to physically find and open the file. – Mote Zart Apr 02 '23 at 18:16
@MoteZart When I open `~/.ssh/known_hosts`, there is nothing that looks like an IP addesses there; instead, I get rows that look like e.g. "`|1|yWIW17YIg0wBRXJ8Ktt4mcfBqsk=|cFHOrZ8VEx0vdOjau2XQr/K7B/c= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR293PJnDCj59XxfqYGctrMo60ZU5IOjACZZNRp9D6f`". – HelloGoodbye Apr 04 '23 at 11:04
@HelloGoodbye For me most of the lines start with an IP: start of key(`777.7777.777.77 ssh-ed25519 abcdegf....=`)end of key. Sorry, I guess I don't truly know enough to have commented then :( – Mote Zart Apr 09 '23 at 20:04
@MoteZart You can always comment and try to help, and even though the help would have been applicable for many people there may be exceptions for which it works differently. It's all part of sharing knowledge and learning yourself ;) – HelloGoodbye Apr 10 '23 at 00:31
doesn't work, as needs to be something else. Please try to be more specific with your answer, we can't read minds about what to write! – Erika Electra Apr 22 '23 at 13:42

score 273 · Answer 2 · edited Aug 16 '19 at 10:19

273

Use

ssh-keygen -R [hostname]

Example with an ip address/hostname would be:

ssh-keygen -R 168.9.9.2

This will update the offending of your host from the known_hosts. You can also provide the path of the known_hosts with -f flag.

edited Aug 16 '19 at 10:19

Jinna Balu

6,747
38
47

answered Apr 24 '14 at 09:35

ravi ranjan

5,920
2
19
18

2

Removing corresponding key ```$ ssh-keygen -R {server.name.com}``` | ```$ ssh-keygen -R {ssh.server.ip.address}``` | ```$ ssh-keygen -R server.example.com``` – DaddyMoe Oct 09 '15 at 11:41
3

Hostname clear example: `ssh-keygen -R '[localhost]:2222'` – Pysis Jun 23 '20 at 01:52
1

typically occurs when the unique fingerprint of your server does not match what was stored in your known_hosts file when you first connected. Use the following commands on Linux. `s /home/username/.ssh` use to see all the ssh keys. to see all the host fingerprints you have added previously `cat /home/username/.ssh/known_hosts` . You must delete one that is creating this issue. To remove one `ssh-keygen -R [hostname]`. If this does not work you can take backup `cp -R /home/username/.ssh/known_hosts /home/username/.ssh/known_hosts.backup` and delete `rm -rf /home/username/.ssh/known_hosts` – Md Shayon Mar 14 '23 at 21:03
What is [hostname]? Please be more specific. Use a specific example, like for GitHub pulls on macOS Sierra! – Erika Electra Apr 22 '23 at 13:43
@ErikaElectra I was wondering the same, turms out it's was just "bitbucket.org" in my case, probably github.com in yours – Brumor Jun 21 '23 at 12:17

score 147 · Answer 3 · edited Mar 31 '15 at 16:25

147

I had this same error occur after I recreated a Digital Ocean Ubuntu image. I used the following command with my server IP in place of [IP_ADDRESS]

ssh-keygen -R [IP_ADDRESS]

edited Mar 31 '15 at 16:25

warvariuc

57,116
41
173
227

answered Feb 15 '14 at 08:49

Ben

1,479
1
8
2

Thank you so much! I was using the host name and it only worked with the IP_ADDRESS :) – J. Lopes Aug 05 '17 at 18:53
1

This did it for me and should be the accepted answer. I don't know why there are two copies of this answer that came later and both have more upvotes. – Wylliam Judd May 14 '18 at 16:07
Yours was not the same error; your server wasn't running SSSD. See the OP. – Mercury00 Mar 12 '19 at 22:30

score 140 · Answer 4 · edited Oct 16 '22 at 00:16

140

The sledgehammer is to remove every known host in one fell swoop:

rm ~/.ssh/known_hosts

On Monterey

sudo rm /var/root/.ssh/known_hosts

I come up against this as we use small subnets of short-lived servers from a jump box, and frequently have internal IP address reuse of servers that share the same ssh key.

edited Oct 16 '22 at 00:16

DragonFire

3,722
2
38
51

answered May 31 '17 at 19:31

Andy Hayden

359,921
101
625
535

Worked for me on a vagrant VM when the accepted answer didn't work. – 100pic Apr 03 '18 at 03:57
9

Useful tool to have in the belt, but this could open you up for a MitM attack (the exact thing that `known_hosts` is meant to prevent). Only do this if you are confident that _all_ of the hosts in there are safe. – Freedom_Ben Jan 31 '19 at 19:33
1

This worked for me as well, after that I created host file again by running ssh sshuser@, thanks – Kanchan Tyagi Feb 18 '22 at 07:43
1

worked on my mac. – RwkY Sep 07 '22 at 17:53
2

I have a feeling to delete all known_hosts is not a super idea, it is needed to delete only needed fingerprint, but not all – Chaki_Black Mar 24 '23 at 09:34

score 53 · Answer 5 · answered Dec 30 '13 at 12:59

53

When you reinstall the server its identity changes, and you'll start to get this message. Ssh has no way of knowing whether you've changed the server it connects to, or a server-in-the-middle has been added to your network to sniff on all your communications - so it brings this to your attention.

Simply remove the key from known_hosts by deleting the relevant entry:

sed '4d' -i /var/lib/sss/pubconf/known_hosts

The 4d is on the account of Offending RSA ...known_hosts:4

answered Dec 30 '13 at 12:59

mockinterface

14,452
5
28
49

1

Thanks, but I don't know why, but I remove it and it is in it again. I have tries stop sssd service and this effect gone, but after starting sssd, it appears again. – Filip Dobrovolný Dec 30 '13 at 13:02
Backup your ~/.ssh directory and then delete it. Does your service keeps re-adding the keys after ~/.ssh was blown away? – mockinterface Dec 30 '13 at 13:10
1

I have renamed .ssh to .ssh_old, after new try to connect it just create empty directory .ssh. And I still can't make /var/lib/sss/pubconf/known_hosts "editable". – Filip Dobrovolný Dec 30 '13 at 13:52
5

The more portable way to do this: `sed -i -e 4d /var/lib/sss/pubconf/known_hosts` – Pierz Feb 11 '15 at 10:32
2

How do you backup the server's `identification` in the event that you wish to rebuild the server without causing disruptions like this error message? – Ninjaxor May 21 '17 at 22:02

score 49 · Answer 6 · answered Feb 20 '17 at 19:22

The problem is that you've previously accepted an SSH connection to a remote computer and that remote computer's digital fingerprint or SHA256 hash key has changed since you last connected. Thus when you try to SSH again or use github to pull code, which also uses SSH, you get an error. Why? Because you're using the same remote computer address as before but the remote computer is responding with a different fingerprint. Therefore, it's possible that someone is spoofing the computer you previously connected to. This is a security issue.

If you're 100% sure that the remote computer isn't compromised, hacked, being spoofed, etc then all you need to do is delete the entry in your known_hosts file for the remote computer. That will solve the issue as there will no longer be a mismatch with SHA256 fingerprint IDs when connecting.

On Mac here's what I did:

1) Find the line of output that reads RSA host key for servername:port has changed and you have requested strict checking. You'll need both the servername and potentially port from that log output.

2) Back up the SSH known hosts file cp /Users/yourmacusername/.ssh/known_hosts /Users/yourmacusername/.ssh/known_hosts.bak

3) Find the line where the computer's old fingerprint is stored and delete it. You can search for the specific offending remote computer fingerprint using the servername and port from step #1. nano /Users/yourmacusername/.ssh/known_hosts

4) CTRL-X to quit and choose Y to save changes

Now type ssh -p port servername and you will receive the original prompt you did when you first tried to SSH to that computer. You will then be given the option to save that remote computer's updated SHA256 fingerprint to your known_hosts file. If you're using SSH over port 22 then the -p argument is not necessary.

Any issues you can restore the original known_hosts file: cp /Users/yourmacusername/.ssh/known_hosts.bak /Users/yourmacusername/.ssh/known_hosts

That should be marked as accepted answer. Following those steps fixed my problem while `ssh-keygen -R [IP_ADDRESS]` didn't work for me. Thanks! — Yusuf Kamil AK, Dec 06 '17 at 18:50
Yeah, one of those cases that's not fair, best answer for sure. The 2nd and 3rd answers just repeat what the 1st said, and all of them have an incomplete solution. — brasofilo, Apr 08 '20 at 00:58
and what if I am not sure that the remote computer is compromised? — Aniket Kariya, Feb 22 '22 at 13:11

score 25 · Answer 7 · answered Mar 30 '17 at 04:45

25

As many have already said, use ssh-keygen, i.e.

ssh-keygen -R pong

Also, you may like to consider temporarily turning off host key checking:

ssh -oStrictHostKeyChecking=no root@pong

answered Mar 30 '17 at 04:45

Stephen Quan

21,481
4
88
75

4

what I'm using for the **.ssh/config**: `Host ???? CheckHostIP no StrictHostKeyChecking no` (3 lines, tabulated starting from the 2nd) – XXL Sep 11 '18 at 18:16

score 24 · Answer 8 · edited Jun 20 '20 at 09:12

24

Works for me!

Error: Offending RSA key in /var/lib/sss/pubconf/known_hosts:4

This indicates you have an offending RSA key at line no. 4

Solution 1:

1. vi /var/lib/sss/pubconf/known_hosts

2. remove line no: 4.

3. Save and Exit, and Retry.

Solution 2:

ssh-keygen -R "you server hostname or ip"

OR

Solution 3:

sed -i '4d' /root/.ssh/known_hosts

This will remove 4th line of /root/.ssh/known_hosts in place(-i).

edited Jun 20 '20 at 09:12

Community

1
1

answered Feb 07 '17 at 04:03

Sahil Gulati

15,028
4
24
42

1

This works for root's .ssh known_hosts file. Not for /var/lib/sss/pubconf/known_hosts, which is a managed file by SSSD, and populated by a remote server. – Mercury00 Mar 12 '19 at 22:33
1

on my case, for some reason, the issue happened on known_hosts*2*. Following these steps helped me to find that out, thanks @Sahil Gulati! – Lucas Apr 15 '19 at 17:19
1

I tried Solution 3 but got error (`sed: -I or -i may not be used with stdin`), so switched to Solution 1 to solve for me. Overall still, this is the Best Answer +1! – cellepo Mar 30 '23 at 19:15

score 13 · Answer 9 · answered Jul 31 '20 at 16:42

13

updated your ssh key, getting the above message is normal.

Just edit ~/.ssh/known_hosts and delete line 4, as the message pointed you

Offending RSA key in /Users/isaacalves/.ssh/known_hosts:4

or use ssh-keygen to delete the invalid key

ssh-keygen -R "you server hostname or ip"

answered Jul 31 '20 at 16:42

Kishore

561
9
24

This is the simplest solution – Hasan Sawan Mar 25 '23 at 01:04
For those working on a mac. note that for smaller window sizes, the lines would not be literally. Lines start wherever there is a new host name – Timilehin A. Apr 30 '23 at 02:28

score 11 · Answer 10 · answered May 14 '14 at 09:38

11

I used the solution of mockinterface, though the sed -i didn't quite work I solved it by deleting the line by hand with vim:

sudo vim /var/lib/sss/pubconf/known_hosts

You can use any other text editor you want, but probably you'll need to show your administrative privileges

answered May 14 '14 at 09:38

3nrique0

349
6
14

1

Yes, delete the record of same IP in the known_hosts file will resolve the issue. – wherby Oct 28 '15 at 11:35
The entry is instantly recreated by SSSD when trying to ssh again. note that sss pubconf known_hosts is a managed file, not some local repository populated by the local server. – Mercury00 Mar 12 '19 at 22:32

score 10 · Answer 11 · answered Jun 02 '22 at 20:19

10

FINAL Solution!

It is showing due to the stored invalid ECDSA key. So we have to remove the ECDSA key from our master/controller machine by using the below command:

ssh-keygen -R 192.168.0.132

Here 192.168.0.132 is the remote system IP.

answered Jun 02 '22 at 20:19

Mahmud

119
1
7

1

there's no reason to have yet another duplicate answer here – éclairevoyant May 26 '23 at 05:56

score 9 · Answer 12 · answered Jan 15 '17 at 23:03

9

The other answers here are good and working, anyway, I solved the problem by deleting ~/.ssh/known_hosts. This certainly solves the problem, but it's probably not the best approach.

answered Jan 15 '17 at 23:03

tjespe

704
7
17

score 9 · Answer 13 · edited May 20 '19 at 21:28

9

Edit /home/hostname /.ssh/known_hosts,and delete the 4 lines, and save it.

Then run ssh root@pong again, you will see message like this:Are you sure you want to continue connecting (yes/no)? yes, just print yes.

Note: If you got some problem, read the hints first, it will help.

edited May 20 '19 at 21:28

Oliver

11,857
2
36
42

answered Feb 05 '18 at 08:13

Bruce

1,718
20
15

score 8 · Answer 14 · answered Aug 27 '17 at 16:04

In my case it happened because I previously had ssh connection with a machine with same ip(say 192.152.51.10) and the system was considering the RSA key(stored in /home/user_name/.ssh/known_hosts) of the previous host which resulted in mismatch.

To resolve this issue, you have to remove previously stored RSA key for the ip 192.152.51.10.

ssh-keygen -f "/home/user_name/.ssh/known_hosts" -R 192.152.51.10

Helton Malambane · Answer 15 · 2020-01-06T07:50:02.067

8

Simple one-liner solution, tested on mac:

sed '/212.156.48.110/d' ~/.ssh/known_hosts > ~/.ssh/known_hosts

Deletes only the target ssh host IP from know hosts.

where 212.156.48.110 is replaced by the target host IP address.

Cause: Happened because the target IP was already known for a different machine due to port forwarding. Deleting the target IP before connecting will fix the issue.

edited Jan 06 '20 at 07:50

answered Jan 06 '20 at 07:25

Helton Malambane

1,147
11
12

score 7 · Answer 16 · edited Aug 10 '17 at 08:06

7

This is because your remote computer settings have changed. Remove your current keys for that.

vim /root/.ssh/known_hosts

Delete the line of the IP you are connecting.

edited Aug 10 '17 at 08:06

Sachith Muhandiram

2,819
10
45
94

answered May 05 '17 at 08:02

miota85

79
1
1

score 7 · Answer 17 · edited Oct 14 '22 at 23:05

7

I use PowerShell in Windows 10 for ssh.
My problem was in the Windows directory: C:\Users\youruser\.ssh
Delete the file known_hosts in that directory to forget the old value.

You may also use use File Explorer to locate and delete the file.

edited Oct 14 '22 at 23:05

James Risner

5,451
11
25
47

answered Mar 05 '21 at 22:05

Boris Karloff

1,190
12
20

score 6 · Answer 18 · answered Jan 08 '18 at 15:25

Remove that the entry from known_hosts using:

ssh-keygen -R *ip_address_or_hostname*

This will remove the problematic IP or hostname from known_hosts file and try to connect again.

From the man pages:

-R hostname
Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashed hosts (see the -H option above).

score 5 · Answer 19 · answered Jan 24 '18 at 17:42

Sometimes, if for any reason, you need to reinstall a server, when connecting by ssh we will find that you server say that the identification has changed. If we know that it is not an attack, but that we have reinstated the system, we can remove the old identification from the known_hosts using ssh-keygen:

ssh-keygen -R <host/ip:hostname>
root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old

When connecting again we will ask you to validate the new fingerprint:

ssh -l user <host/ip:hostname>
The authenticity of host '<host/ip:hostname>' can't 
be established.
RSA key fingerprint is 3f:3d:a0:bb:59:24:35:6d:e5:a0:1a:3f:9c:86:81:90.
Are you sure you want to continue connecting (yes/no)? yes

this is the best answer as it actually tells me what is happening and why I am doing it — Stretch, Jan 04 '22 at 01:06

Dr. Mian · Answer 20 · 2019-02-25T21:20:14.060

If you are trying to connect to running docker container on port 2222 with the command and you get the error

mian@tdowrick2~$ ssh pos@localhost -p 2222

Then to solve this problem, on your local computer (i.e. host machine not container) go to cd ~/.ssh/ and open known_hosts file with text editor. Remove the line starting with [localhost]:2222 and save the file. Now try to ssh again

mian@tdowrick2~$ ssh pos@localhost -p 2222

Error will disappear but you have to do it each time the container restart.

score 3 · Answer 21 · answered Sep 26 '17 at 03:24

3

My solution is:

vi ~/.ssh/known_hosts
delete the line that contains your want connected ip.

This is better than delete all of the known_hosts

answered Sep 26 '17 at 03:24

aircraft

25,146
28
91
166

This is the same answer as miota85 below. – Daniel W. Jan 07 '19 at 12:42

score 2 · Answer 22 · answered Jun 27 '16 at 03:50

2

I had this problem, and the reason is very simple, I have a duplicated IP address to ssh login, so after modify this problem, everthing is solved.

answered Jun 27 '16 at 03:50

Fan

31
1

Fortran · Answer 23 · 2017-12-27T15:56:06.393

2

Only client side problem(duplicate key for ip):

Solve variants:

For clear one ip(default port 22):

ssh-keygen -f -R 7.7.7.7

For one ip(non default port):

ssh-keygen -f -R 7.7.7.7:333

Fast clear all ips:

cd ~; rm .ssh/known_hosts

7.7.7.7 - ssh your server ip connect

333 - non standart port

edited Dec 27 '17 at 15:56

answered Apr 22 '17 at 13:22

Fortran

2,218
2
27
33

score 2 · Answer 24 · edited Mar 27 '23 at 03:21

2

My solution on UBUNTU (linux):

1.You have to delete the content from "known_hosts" file which is in /home/YOUR_USERNAME/.ssh/known_hosts

2.Generate a new ssh key like

ssh-keygen -t rsa -C "your.email@example.com" -b 4096

3.Copy-paste your new ssh key in your git repository (gitlab in my case) SSH keys.

It works for me!

edited Mar 27 '23 at 03:21

benson23

16,369
9
19
38

answered Sep 05 '18 at 14:56

Dionis Oros

664
8
12

score 2 · Answer 25 · answered Nov 06 '18 at 05:16

2

Just do:

cd /home/user/.ssh/ -> here user will be your username, i.e. /home/jon/ for example.

Then

gedit known_hosts & and delete the contents inside it.

Now ssh again, it should work.

answered Nov 06 '18 at 05:16

Srivatsan

9,225
13
58
83

score 2 · Answer 26 · answered Nov 19 '18 at 10:14

2

Use this command:

truncate -s 0 /home/SYSTEM_NAME/.ssh/known_hosts

answered Nov 19 '18 at 10:14

Muktesh Kumar

181
2
7

Please add an explanation what the command does and what it does not. – Daniel W. Jan 07 '19 at 10:21
6

Why would you want to truncate the file? You lose all information, even the information you've already verified. This is a bad method to act against a single changed public host key. – Daniel W. Jan 07 '19 at 12:40
Hint: This also deletes all other host information. If you are running automated scripts from your machine (like deployments), they might break because you have to manually reconfirm all host keys. Just to give a warning to other users here who are eager to use the easiest solution. – Mateng Jul 05 '19 at 07:40

score 2 · Answer 27 · answered Nov 25 '20 at 08:33

Simply clear the known_hosts which is present in /home/{username}/.ssh/known_hosts

vi /home/{username}/.ssh/known_hosts

remove every line inside known hosts and exit after that you will be able to login.

OR

run this command

ssh-keygen -R "hostname/ip_address"

GoingMyWay · Answer 28 · 2019-12-21T15:40:11.700

1

I had the same error in my machine, and I clear the known_hosts file, and after that, it works fine.

edited Dec 21 '19 at 15:40

answered Feb 27 '17 at 00:53

GoingMyWay

16,802
32
96
149

1

You don't want to delete your `authorized_keys` when you have a problem with the `known_hosts` file – jeb Dec 20 '19 at 14:08

score 0 · Answer 29 · answered Jan 30 '17 at 13:07

SOLUTION:

1- delete from "$HOME/.ssh/known_hosts" the line referring to the host towards which is impossible to connect.

2- execute this command: ssh-keygen -R "IP_ADDRESSorHOSTNAME" (substitute "IP_ADDRESSorHOSTNAME" with your destination ip or destination hostname)

3- Retry ssh connection (if it fails please check permission on .ssh directory, it has to be 700)

score -1 · Answer 30 · answered Dec 20 '19 at 13:08

-1

AWS EC2.

Find the ip in the message it gives you.

run

vim /home/ec2-user/.ssh/known_hosts

Use the arrow keys to find the ip from the message and click.

dd

This will delete that line then run escape

:wp

This will save then you are good to go.

answered Dec 20 '19 at 13:08

user1503606

3,872
13
44
78

To resolve this issue go to C:\Users\username\.ssh and delete known_hosts file. – kamran khan Jun 21 '23 at 06:23

ssh remote host identification has changed

30 Answers30

Use

Linked