How to fix Remote Host Identification Has Changed error in SSH

SSH by default will check and keep key fingerprint of all the hosts you've connected to in ~/.ssh/known_hosts. You'll get the following warning if the fingerprint changed from the last time you've connected to the host;

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!  @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
51:5b:16:56:a5:cd:9b:1e:11:aa:2b:1c:a2:91:cd:a2.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for www.example.com has changed and you have requested strict checking.
Host key verification failed.

You can fix the problem by whether disabling the key check, or have the right key in your ~/.ssh/known_hosts file.

The check is done for security reason. Proceed only if you know exactly what you're into.

Disable key check

To do this temporarily when connecting to a remote server, add the StrictHostKeyChecking no option when running your SSH command as in the example below;

$ ssh -o 'StrictHostKeyChecking no' user@host

To make it permanent and system-wide, edit the SSH client configuration file, and add the following line (if it doesn't already exist)

StrictHostKeyChecking no

The file can normally be found at /etc/ssh/ssh_config and ~/.ssh/config

Update known-hosts file

~/.ssh/known_hosts is where the host keys are stored. A sample entry of the file is as the following

192.168.0.111 ecdsa-sha2-nistp256 AAAAE2DjZHNhLXNoYTItbmlzHHAyNBYAAAAIbmlzdHAyNTYAAABBBInXA+7gb/gR0rOWlxzAvlt1SVEPacQBqRVbkDe7M4eZ3OC/yMXEA0QP8va62rGxvEx0quWf1FROQclyPc0NrT0=
example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoaTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAACBBInXA+7gb/gR0rOWlxzAvlt1SVEP1mQBqRVbkDe7M4eZ3OC/yMXEl0QP8va62rGxvEx0quWf1FROQclYPc0NrT0=
10.0.0.2 ssh-rsa AAAAB3NzaB1yc2EAAAACAQABAAABAQCu9MUCkl0C7pXE//vtoRoxgVFGKOPWxvf1zA0HKYlCl5hR/HL3TTZbmoqA/aet0VLAunetMOkQuSaLDCaJPQQ21DD5db6CMkjAtUkR/xfGKiT8ZWBitBRE4cbBoPVhY9rjMtHlUFGy7pFYOSVau7rBxhsX9F9pIWDDuBEytjl3q5HAF+qBOKrcdEcsMieXVhcEQRo2HkJ4r/8dR0Nxvtq05X3LAj8tFZJ34ClfA7iiALVRCHYxK8VyJHew1jxBJGbnZU/vIndIcHjJO1TftfBOo7wDo1NeVD0UE7dYszu7mvY4tJKaPAgMGIAUScZ7c2BaLGk9gVLXkRzU+zQ6IpYf

Find and remove the line with the hostname or IP address of the offending hosts using your favourite text editor. You can also use ssh-keygen with -R option as in the following example;

$ ssh-keygen -R host