3 ways to fix Host key verification failed

Table of Contents

Whenever we connect to a server via SSH, that server’s public key is stored in our home directory. The file is called known_hosts.

When we reconnect to the same server, the SSH connection will verify the current public key matches the one we have saved in our known_hosts file.

If the server’s key has changed since the last time we connected to it, we will receive host key verification failed error (or one similar to it).

In this article, we will share how to fix host key verification failed in 3 ways.

Example of Host key verification failed



Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is x. Please contact your system administrator.
Add correct host key in /home/ec2-user/.ssh/known_hosts to get rid of this message.

Offending RSA key in /home/ec2-user.ssh/known_hosts:222 RSA host key for howtouselinux.com has changed and you have requested strict checking.

Host key verification failed.

Remove old host key info from known_hosts file

Locate our known_hosts file, and open in a general text editor.

The error will often give us the location of the known_hosts file we need to change.

In the example above the offending RSA key is located here: /home/ec2-user.ssh/known_hosts:222

# vi 222 /home/ec2-user.ssh/known_hosts

Once we open the known_hosts straight to line 222 do the following keyboard commands press “ESC dd” to delete the line.

we can save the changes by pressing “esc” and typing “:wq!”.

Fix host key verification failed with ssh-keygen command

Open up a terminal session, and type one of the following, (depending on the method we were trying to SSH with and receiving the error):
ssh-keygen -R hostname

ssh-keygen -R ipaddress

ssh-keygen -f “/home/ec2-user.ssh/known_hosts” -R “”

Fix host key verification failed with ssh stricthostkeychecking options

ssh <device ip address> -o stricthostkeychecking=no

This command removes the old host key for the device in the known_hosts file in the /home/ec2-user.ssh/known_hosts file.

It replaces the old host key with the new host key.


Table of Contents

Share on facebook
Share on twitter
Share on linkedin

You might also like