Mac OS X Remove SSH Known Host

Author: Vivek Gite Last updated: December 27, 2020 14 comments
I‘ve reinstalled Linux on remote server and now trying to connect it over ssh using Mac OS X:
ssh user@server1.example.com

But I’m getting an error which read as follows:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /Users/user/.ssh/known_hosts to get rid of this message.
Offending key in /Users/user/.ssh/known_hosts:1
RSA host key for server1.example.com has changed and you have requested strict checking.
Host key verification failed.

How do I fix this problem under Mac OX X?

You need to run the following command to get rid of this problem. Open the terminal application and then type the following command on your macOS Unix system:

ssh-keygen -R server-name
ssh-keygen -R server.ip.addre.ss
ssh-keygen -R 202.54.1.5
ssh-keygen -R server1.example.com
## for non-standard ssh port ##
ssh-keygen -R 'server1.example.com:PORT'
ssh-keygen -R 'server1.example.com:4122'

Fig.01: Removing /Users/user/.ssh/known_hosts file

We pass the -R option to the ssh-keygen command to remove all keys belonging to the specified hostname (with optional port number) from a known_hosts file. This option is useful to delete hashed hosts. We have ~/.ssh/known_hosts file which contains a list of host keys for all hosts the user has logged into that are not already in the systemwide list of known host keys.

Test it

Now you can connect to remote host with ssh or sftp or scp command:

ssh user@server1.example.com
ssh -p user@server1.example.com

Use -p Port to connect to on the remote host using given Port. This can be specified on a per-host basis in the configuration file such as ~/.ssh/config.

Getting help

The ssh-keygen command generates, manages and converts authentication keys for ssh. The ssh-keygen can create keys for use by SSH protocol version 2 and do other stuff for use. Hence, read the man page by typing the following commands:
man ssh-keygen
man ssh
man sshd


🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 14 comments so far... add one


Related Tutorials
CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
14 comments… add one
  • Chichi Latté Apr 11, 2012 @ 13:05

    Much appreciated Vivek, this worked for me no probs!

    Reply Link
  • Bike Jerry Dec 30, 2012 @ 16:45

    This helped me out as well – thank you, happy new year!

    Reply Link
  • Craig May 28, 2013 @ 8:26

    Didn’t work for me, showed exactly what you said it would but when I try to SSH in it continues to show the original message… :-(

    Reply Link
  • Ian Jul 21, 2013 @ 11:29

    Thanks for this. Had two ftp sites that Coda refused to connect to, but Cyberduck was happy with.

    Reply Link
  • Hugo Aug 28, 2014 @ 3:44

    Worked great! Thank you!!

    Reply Link
  • Cyril Sep 12, 2014 @ 21:36

    I was having the same problem as I was setting up a lots of routers with the same IP over ssh. What worked for me was to remove known_hosts file which is stored in ~/.ssh/knonw_host. So what I did was updating my /etc/bashrc file with the following lines:

    rmknownhosts()
    {
    rm ~/.ssh/known_hosts
    }

    Than when this message appeared I simply typed rmknownhosts and delete the file.

    I don`t know if this is right step to deal with that. But it definitely worked for me.

    Hope that helps.

    Reply Link
  • Lou Sep 14, 2014 @ 6:01

    Worked for me… I just needed to clear the 1 entry of “[myserver].com”
    ssh-keygen -R [myserver].com

    Reply Link
  • Bogdan Nov 20, 2014 @ 10:24

    Great, exactly what I needed quick and simple. Thank you!

    Reply Link
  • James May 27, 2015 @ 15:58

    Unfortunately I don’t think this command actually did anything.

    Reply Link
  • Jan Jul 17, 2015 @ 16:28

    Thanks!

    Reply Link
  • Sai Aug 20, 2015 @ 17:50

    It worked by using the following commands:

    cd /Users/Username/.ssh/Known_hosts
    ssh-keygen -R domain-name
    ssh-keygen -R server

    Thanks

    Reply Link
  • Sue May 16, 2016 @ 23:22

    You saved me today. Thanks, it worked for me under a complicated situation. Thanks.

    Reply Link
  • Noel Whitemore Dec 27, 2020 @ 18:16

    If your host uses a non-standard SSH port number then you might need to explicitly state the domain name and port number when using the ssh-keygen command, like this:

    ssh-keygen -R '[mydomain.com]:2222'

    On my machine, using

    ssh-keygen -R mydomain.com

    reported that the known_hosts file had been updated (i.e. it looks like it worked) but no changes had actually been made.

    Reply Link
    • 🐧 Vivek Gite Dec 27, 2020 @ 19:40

      I see. Makes sense. Thank you for the feedback.

      Reply Link

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum

Next FAQ:

Previous FAQ:

FEATURED ARTICLES

Sign up for my newsletter