SSH Host key and How to Fix Remote Host Key Has Changed Error

In SSH (Secure Shell), the host key is crucial as it uniquely identifies each SSH server.

This key forms the basis for secure, encrypted connections between the server and its clients. When a client connects to an SSH server for the first time, the server’s host key is stored in the client’s known_hosts file.

This key is then used in future connections to authenticate the server’s identity and ensure secure communication.

How to Find the Host Key in Linux

Understanding how to locate the host key of an SSH server in Linux is important for verifying the server’s identity and for troubleshooting purposes.

Finding the Local SSH Server’s Host Key:

  1. Access the SSH Server’s Host Key Files: SSH host keys are typically stored in /etc/ssh/. File names vary based on the key type (e.g., ssh_host_rsa_key.pub, ssh_host_ecdsa_key.pub).
  2. View the Host Key: Use the cat command to display the public part of the host key, for example:
    cat /etc/ssh/ssh_host_rsa_key.pub

Finding a Remote SSH Server’s Host Key:

Use ssh-keyscan to fetch the public keys of a remote SSH server:

ssh-keyscan [hostname_or_IP]

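This command retrieves the server’s public keys so you can compare them with the entry in the known_hosts file. ssh-keyscan does not authenticate the server, so its output is only as trustworthy as the network path it was fetched over.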

Remote Host Key Has Changed Error: Explanation and Fix

The “Remote Host Key Has Changed” error in SSH indicates a mismatch between the host key the server currently presents and the one previously recorded for it in the client’s known_hosts file.

This discrepancy can occur due to legitimate reasons like a reinstalled operating system or an updated SSH server package. However, it may also signal a potential security threat, such as a man-in-the-middle attack.

How to Fix:

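  1. Verify the Change: Confirm that the change in the host key is legitimate, for example that the server’s operating system was reinstalled or its SSH server package was updated. Investigate further if there’s any doubt about the change’s authenticity.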
  2. Remove the Old Host Key: Use the command ssh-keygen -R [hostname_or_IP] to remove the old key from the known_hosts file.
  3. Reconnect to the Server: After removing the old key, reconnect with the command ssh [username]@[hostname_or_IP]. You will be prompted to accept the new host key, which should be carefully verified before acceptance.
  4. Key Re-Added: Once the new key is accepted, it is added to the known_hosts file, securing future connections to the server.
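
The check in step 1, as an added example that is not part of the original article: it computes SHA256 fingerprints in the form OpenSSH displays them, looks up the key recorded in known_hosts text (plain or hashed host names), and treats a changed key as verified only if it matches a fingerprint obtained through a trusted channel, such as reading /etc/ssh/*.pub on the server console. The host names, keys and function names are constructed for illustration.

```python
import base64, hashlib, hmac

def fingerprint(b64_blob):
    """SHA256 fingerprint as OpenSSH prints it: base64 of the digest, '=' padding stripped."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: comma-separated names or a hashed |1|salt|hmac entry."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")  # wildcard and negated patterns are not handled here

def stored_keys(known_hosts, host):
    """Return {key type: fingerprint} recorded for host, skipping comments and @marker lines."""
    found = {}
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not fields[0].startswith(("#", "@")) and host_matches(fields[0], host):
            found[fields[1]] = fingerprint(fields[2])
    return found

def assess(known_hosts, host, scanned_line, trusted_fp):
    """Classify one ssh-keyscan output line ("host keytype base64") against both references."""
    _, keytype, blob = scanned_line.split()[:3]
    presented = fingerprint(blob)
    if presented == stored_keys(known_hosts, host).get(keytype):
        return "unchanged"
    if presented == trusted_fp:
        return "changed-verified"    # safe to run ssh-keygen -R and accept the new key
    return "changed-unverified"      # do not accept; investigate first

# Constructed sample data: structurally valid ssh-ed25519 blobs, not real server keys.
def sample_blob(seed):
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(raw).decode()

OLD, NEW, ROGUE = sample_blob(b"old"), sample_blob(b"new"), sample_blob(b"rogue")
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(
    hmac.new(SALT, b"db.example.test", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = f"web.example.test,192.0.2.10 ssh-ed25519 {OLD}\n{HASHED} ssh-ed25519 {OLD}\n"

if __name__ == "__main__":
    trusted = fingerprint(NEW)  # stands in for the fingerprint read on the server itself
    for blob in (OLD, NEW, ROGUE):
        print(assess(KNOWN_HOSTS, "web.example.test", f"web.example.test ssh-ed25519 {blob}", trusted))
```

Only the "changed-verified" result justifies continuing with steps 2 to 4; a key that differs from both the recorded and the trusted fingerprint should be investigated, not accepted.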

Conclusion:

Resolving the “Remote Host Key Has Changed” error involves verifying the cause of the key change, removing the outdated key, and updating the known_hosts file with the new key.

This process is essential for maintaining the integrity and security of SSH connections.
