Warning: Remote Host Identification Has Changed error and solution
Q. When I run ssh command I get an error
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for ras.mydomain.com has changed and you have requested strict checking.
Host key verification failed.
How do I get rid of this message?
A. If you have reinstalled Linux or UNIX with OpenSSH, you will get above error. To get rid of this problem:
Solution #1: Add correct host key in /home/user/.ssh/known_hosts
It’s not necessary to delete the entire known_hosts file, just the offending line in that file. For example if you have 3 server as follows.
myserver1.com,64.2.5.111 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA11FV0EnGahT2EK8qElocjuHTsu1jaCfxkyIgBTlxlrOIRchb2pw8IzJLOs2bcuYYfa8nSXGEcWyaFD1ifUjfHelj94AAAAB3NzaC1yc2EAAAABIwAAAIEA11FV0E
nGahT2EK8qElocjuHTsu1jaCfxkyIgBTlxlrOIRchb2pw8IzJLOs2bcuYYfa8nSXGEcWyaFD1ifUjfHelj94H+uv304/ZDz6xZb9ZWsdm+264qReImZzruAKxnwTo4dcHkgKXKHeefnBKyEvvp/2ExMV9WT5DVe1viVwk=
myserver2.com,125.1.12.5 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtDiERucsZzJGx/1kUNIOYhJbczbZHN2Z1gCnTjvO/0mO2R6KiQUP4hOdLppIUc9GNvlp1kGc3w7B9tREH6kghXFiBjrIn6VzUO4uwrnsMbnAnscD5EktgI7fG4ZcNUP 5+J7sa3o+rtmOuiFxCA690DXUJ8nX8yDHaJfzMUTKTGxQz4M/H2P8L2R//qLj5s3ofzNmgSM9lSEhZL/IyI4NxHhhpltYZKW/Qz4M/H2P8L2R//qLj5s3ofzNmgSM9lSEhZL/M7L0vKeTObue1SgAsXADtK3162a/Z6MGnAazIviHBldxtGrFwvEnk82+GznkO3IBZt5vOK2heBnqQBfw=
myserver3.com,125.2.1.15 ssh-rsa
5+J7sa3o+rtmOuiFxCA690DXUJ8nX8yDHaJfzMUTKTGx0lVkphVsvYD5hJzm0eKHv+oUXRT9v+QMIL+um/IyI4NxHhhpltYZKW
as3533dka//sd33433////44632Z6MGnAazIviHBldxtGrFwvEnk82/Qz4M/H2P8L2R//qLj5s3ofzNmgSM9lSEhZL/M7L0vKeTObue1SgAsXADtK3162a/Z6MGnAazIviHBldxtGrFwvEnk82+GznkO3IBZt5vOK2heBnqQBfw==
To delete 2nd server (myserver.com), open file:
# vi +2 .ssh/known_hosts
And hit dd command to delete line. Save and close the file. Or use following
$ vi ~/.ssh/known_hosts
Now go to line # 2, type the following command
:2Now delete line with dd and exit:
dd
Solution 2: Just delete the known_hosts file If you have only used one ssh server :
$ cd
$ rm .ssh/known_hosts
$ ssh ras.mydomain.com
Now you should be able to connect your server via ssh.
E-mail this to a friend
Printable version
Related Other Helpful FAQs:
- Ubuntu / Debian Linux Regenerate OpenSSH Host Keys
- Warning, got duplicate tcp line - netstat error and solution
- Error: Couldn’t open display (null) and solution
- How To Reuse SSH Connection To Speed Up Remote Login Process
- Linux Mail Delivery Failed With DNS Service Unavailable Error and Solution
Discussion on This FAQ
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
October 5th, 2006 at 4:07 pm
It’s not necessary to delete the entire known_hosts file, just the offending line in that file.
Using your example, all you need to do is:
vi ~/.ssh/known_hosts
1G
dd
:wq
And done. This is helpful if you manage a large group of servers and have *many* keys cached. If you delete the entire file, you will br prompted to add the server’s key on each connection attempt.
October 5th, 2006 at 9:37 pm
Chris,
Good point / tip, if I have 100’s of ssh server; it will be a problem for me.
Appreciate your post.
November 26th, 2007 at 2:24 am
The right way to do this is with “ssh-keygen -R ip-address”.
–Amos
January 23rd, 2008 at 1:06 pm
Theres actually a script that does this at
http://blog.hacker.dk/2008/01/script-to-fix-ssh-host-identification-changed/
Aparently it doesnt use the sshkeygen, but it does the work nicely and easy:
script
February 17th, 2008 at 10:44 pm
thanks Amos for the correct way to update rsa host keys.
March 3rd, 2008 at 5:38 am
Thanks for nice solution.
The above mentioned problem I face when remote computer completely formated and they give us again ssh connection. And because of RSA digital signature of computer identification the local computer does not accept the remote computer (as I think).
Once again thanks for solution.
Regards,
Deepen
June 20th, 2008 at 3:14 pm
Thanks, your solution worked for my SSH login. Currently still can’t log in properly through my ltsp server. It says it is checking the password and then ends the session. I definitely have a link to the server (i.e. and address) Any ideas about this? Thank-you in advance.