WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED
The REMOTE HOST IDENTIFICATION HAS CHANGED warning means the server’s host key changed. Verify with your admin, then run ssh-keygen -R hostname.
What It Means
The first time you connect to an SSH server, its host key is saved to ~/.ssh/known_hosts. On subsequent connections, SSH compares the server’s key against the stored one. A mismatch triggers this warning and refuses the connection — SSH cannot verify the server is the same machine you connected to before.
Why It Happens
- The server was reinstalled and generated new SSH host keys.
- The server’s IP address was reassigned to a different machine.
- The server’s host key was manually regenerated (e.g., after a security rotation).
- A man-in-the-middle (MITM) attack is intercepting your connection.
- You’re connecting to a load balancer or floating IP that routes to multiple backends.
How to Fix It
1. Verify the key change is legitimate
Contact the server administrator. Ask them to run:
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pubCompare the fingerprint with the one shown in the warning message. If they match, the change is legitimate.
2. Remove the old host key
ssh-keygen -R hostname
ssh-keygen -R 192.168.1.100This removes the offending entry from ~/.ssh/known_hosts. You can specify a hostname or an IP address.
3. Remove the key for a non-standard port
If you connect on a custom port:
ssh-keygen -R [hostname]:2222
ssh-keygen -R [192.168.1.100]:2222Brackets around the hostname are required when using a port number.
4. Connect again and accept the new key
ssh user@hostnameSSH will prompt you to accept the new host key, just like the first connection. Verify the fingerprint with your admin before typing yes.
5. (Advanced) Update the key in known_hosts manually
ssh-keyscan -H hostname >> ~/.ssh/known_hostsssh-keyscan fetches the current host key and appends it. Only do this if you’ve verified the key is correct.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro