Fix Remote Host Identification Has Changed error in SSH

SSH by default will check and keep key fingerprint of all the hosts you've connected to in ~/.ssh/known_hosts. You'll get the following warning if the fingerprint changed from the last time you've connected to the host;


Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for has changed and you have requested strict checking.
Host key verification failed.

You can fix the problem by whether disabling the key check, or have the right key in your ~/.ssh/known_hosts file.

The check is done for security reason. Proceed only if you know exactly what you're into.

Disable key check

To do this temporarily when connecting to a remote server, add the StrictHostKeyChecking no option when running your SSH command as in the example below;

$ ssh -o 'StrictHostKeyChecking no' user@host

To make it permanent and system-wide, edit the SSH client configuration file, and add the following line (if it doesn't already exist)

StrictHostKeyChecking no

The file can normally be found at /etc/ssh/ssh_config and ~/.ssh/config

Update known-hosts file

~/.ssh/known_hosts is where the host keys are stored. A sample entry of the file is as the following ecdsa-sha2-nistp256 AAAAE2DjZHNhLXNoYTItbmlzHHAyNBYAAAAIbmlzdHAyNTYAAABBBInXA+7gb/gR0rOWlxzAvlt1SVEPacQBqRVbkDe7M4eZ3OC/yMXEA0QP8va62rGxvEx0quWf1FROQclyPc0NrT0= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoaTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAACBBInXA+7gb/gR0rOWlxzAvlt1SVEP1mQBqRVbkDe7M4eZ3OC/yMXEl0QP8va62rGxvEx0quWf1FROQclYPc0NrT0= ssh-rsa AAAAB3NzaB1yc2EAAAACAQABAAABAQCu9MUCkl0C7pXE//vtoRoxgVFGKOPWxvf1zA0HKYlCl5hR/HL3TTZbmoqA/aet0VLAunetMOkQuSaLDCaJPQQ21DD5db6CMkjAtUkR/xfGKiT8ZWBitBRE4cbBoPVhY9rjMtHlUFGy7pFYOSVau7rBxhsX9F9pIWDDuBEytjl3q5HAF+qBOKrcdEcsMieXVhcEQRo2HkJ4r/8dR0Nxvtq05X3LAj8tFZJ34ClfA7iiALVRCHYxK8VyJHew1jxBJGbnZU/vIndIcHjJO1TftfBOo7wDo1NeVD0UE7dYszu7mvY4tJKaPAgMGIAUScZ7c2BaLGk9gVLXkRzU+zQ6IpYf

Find and remove the line with the hostname or IP address of the offending hosts using your favourite text editor. You can also use ssh-keygen with -R option as in the following example;

$ ssh-keygen -R host

Sign up for Complete Secure Shell Course and many other great courses on Udemy to learn more.

Complete Secure Shell Course

This course is made for Linux admins who seek to secure their Linux work environment by mastering Linux SSH security!

Written by Mohd Shakir Zakaria. Last updated on 2019-02-12