If you have been having problems with your remote host identification, don’t worry – you are not alone. Many people are experiencing this issue right now. Luckily, there are a few ways that you can fix it.
In this blog post, we will discuss three of the best methods for fixing this problem.
Table of Contents
understanding remote host identification in SSH
If you receive the error message “The remote host identification has changed”, it means that the key stored for the host you’re trying to connect to has changed.
This can happen for a variety of reasons but is often caused by connecting to a different server than the one you originally connected to (for example, your server has been rebuilt by a new one).
Whenever we connect to a server via SSH, that server’s public key is stored in our home directory. The file is called known_hosts.
When we reconnect to the same server, the SSH connection will verify the current public key matches the one we have saved in our known_hosts file.
If the server’s key has changed since the last time we connected to it, we will receive this error.
Example of remote host identification has changed
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is x. Please contact your system administrator.
Add correct host key in /home/ec2-user/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/ec2-user.ssh/known_hosts:222 RSA host key for www.howtouselinux.com has changed and you have requested strict checking.
Host key verification failed.
Methods to fix the problem of remote host identification has changed
There are a few different ways that you can fix this problem:
- Manually edit the “~/.ssh/known_hosts” file and remove the old key for the host you’re trying to connect to. This will allow you to connect to the new server without any problems.
- Use the “ssh-keygen -R” command to remove the old key from your “~/.ssh/known_hosts” file.
- Use the “-o StrictHostKeyChecking=no” option when connecting to the server. This will prevent ssh from checking the “~/.ssh/known_hosts” file, and will allow you to connect to the new server.
We will explain details.
Remove old host key info from SSH known_hosts file
If you are having problems with your remote host identification, the first thing you should do is remove the old host key information from your SSH known_hosts file. To do this, follow these steps:
- Open up a terminal window.
- Type in the following command: vi ~/.ssh/known_hosts.
- Search for the hostname with problem
- Press dd to delete this entry
- Save the changes and close the file with :wq!
Remove old host key info with ssh-keygen command
To fix the problem of remote host identification has changed , we can also remove the old host key info with ssh-keygen command.
Open up a terminal session, and type one of the following command.
- ssh-keygen -R hostname
- ssh-keygen -R ipaddress
- ssh-keygen -f “/home/ec2-user/.ssh/known_hosts” -R “192.168.0.106”
By following these steps, you will remove the old host key information from your SSH known_hosts file, and it should fix the problem.
Disable stricthostkeychecking option in SSH command
The stricthostkeychecking option in SSH is a security feature that verifies the host key information for each connection.
If there is a problem with the host key information, the connection will not be allowed to proceed.
This option can be disabled, which will allow the connection to proceed even if there is a problem with the host key information.
- Open up a terminal window.
- Type in the following command: ssh -o StrictHostKeyChecking=no hostname
This command removes the old host key for the device in the known_hosts file and replaces old host key with the new host key.