SSH is a shell-based remote access protocol that is vastly popular with developers and users who want to have remote access to a computer without the need for a graphical user interface or GUI. While SSH has been around for a long time and has performed for countless users without any flaws, it is still hindered by certain errors that can plague the users from time to time. Many of these errors have become staples in the SSH community, and their workarounds are well-known. These errors include firewall incompatibility, the SSH public key not being injected properly, SSH file key mode issues, and of course, the subject of today’s article, the infamous “Warning: Remote Host Identification Has Changed” error.
This error happens on all major operating systems, including Windows, Linux, and macOS. Encountering this error can be particularly annoying as the source of the problem can be a legitimate security concern rather than a mistaken error. This may cause a novice user to wander about for hours trying to fix the error to no avail. In this article, we will go over why and how this happens, the effects it has on your SSH connection, and of course, the solution to the “Warning: Remote Host Identification Has Changed” error. But before we get to all that, let’s start with the basics.
What Is SSH?
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that enables users, especially system administrators, to securely gain access to another computer on an insecure network. SSH is also used to refer to a number of different tools that help with implementing the protocol itself. Secure Shell allows for strong password and authentication public keys, communicating encrypted data between the two devices connected via a network like the internet. SSH is commonly utilized by network admins to remotely manage systems and software, enabling them to gain access to another computer over a certain network, perform commands, and transfer files from one device to another. SSH therefore, refers to both the network protocol as well the set of tools that implement it.
SSH employs the server-client model. It connects an SSH application that displays the session, to a server, which runs the session. Support for these application protocols that are used for emulating terminals and transferring files is commonly included in SSH implementations. The default port for the SSH protocol is the standard TCP port 22.
Devil in the Details: What Causes the Error?
This error mainly happens when the specific fingerprint that the server uses doesn’t match with the stored data in the known_hosts file, then the “Warning: remote host identification has changed” error occurs. This key frequently changes as you change your password or rebuild your VPS host. When these changes are made, your SSH software will detect a change in your connection and display a security error. This is good as it helps you understand if a hacker is attempting an attack against you, for example a man in the middle attack.
During a Man-in-the-middle attack (MITMA), the attacker will place a fabricated SSH server with the identical IP address between your connection and your server. They’ll then redirect the network traffic actual SSH server. This will make the attack slide under the radar and you’ll not be able to detect their spying operation . To guard against such an event, your SSH software will assume that a malicious online attack is not likely. If a hacker intercepts your connection, the server will detect that the unique certificate doesn’t match.
It is important to note that the error could have very real warnings that it is trying to let you know of. Therefore it is advised to not just brush it away as a minor error that needs to be bypassed. The chances of an online intrusion are rather real here, and you need to make sure that there is no MITMA going on against you.
Confronting the Threat: First Steps
We have to be cautious and take into account the fact that there is a factual threat at play here. Therefore we are going to take a few initial steps here to make sure that the error is not caused by an actual threat.
But how can I differentiate between a false alarm and an actual MITMA? You need to always be cautious if there are no obvious reasons to think of a false flag. You have more peace of mind in case you have recently done the following things:
- You have changed your passcode or SSH private key recently.
- Your server has been rebuilt.
- Several remote systems were given an identical IP address.
- You decommissioned your server and then started another with the previous IP.
- Reinstalled or switch your OS.
If any of these are true in your case, then you can be more confident that the error is a false positive and that there are no threats. Of course, you could have done one or several of these things, and forget it as later you attempt to login again to the VPS. If you happen to share a virtual private server with others, another user may have performed these changes without you knowing. If you have any doubts, we recommend that you go for a quick check of the logs of whatever SSH client you’re using. This log page will usually display a complete list of recent major changes done to the server, along with their timestamps. If any of the mentioned actions have taken place in your log recently, then the error is most likely a false red flag.
Once you’re completely sure that the error has no security issue behind it, you can move towards flushing it away. Here we’ll go over how to do so for macOS, Windows, and Linux.
Solution for macOS
The error can be fixed on the Mac using either a premium app like SSH Config Editor or the Terminal. Because the outcomes will be the same, we recommend that you select the option that is most convenient for you.
Our preferred method is to open the file in a Terminal window (or iTerm2 if you use that app) and then open it in a dedicated editor like Nano or vim. This is because it is simple to use and accessible to everyone, regardless of experience level. It will help you to get rid of the Remote Host Identification Has Changed error.
Method 1: Using Nano
Here we will use Nano to quickly access the Terminal and remove the faulty key. Follow the steps.
Step 1: Use Nano and Open the Terminal
First, open your Terminal using whatever method suits you best.
Step 2: Access the “known_hosts” File and Delete the Key.
Run the following command:
This will open a new Nano page which will show you all the keys within the “known_hosts” file. Once again, refer to the error code to find the faulty key and simply delete it.
Method 2: Using MAC Terminal
There is a more direct method to alter the “known_hosts” file if you wish not to use editors such as Nano. Follow the steps.
Step 1: Open the Terminal
On your MAC, open a Terminal tab and run the following command followed by your website or host name. In this example I will use Cloudzy.com to demonstrate:
ssh-keygen -R www.cloudzy.com
Step 2: Remove the Keys
It is important that you manually target the faulty key and remove it from the Terminal. It will not ask you, and if you proceed without specifying, you will lose all the keys. So be careful. After you delete these keys, you should not face the error anymore.
Solution for Windows
We’re going to cover the “Warning: Remote Host Identification Has Changed” error fix for Windows in this section. It is important to note that the error has different solutions depending on whether you are running your SSH connection on Windows’ built-in SSH terminal or if you’re using an SSH client for Windows such as PuTTY. First, let’s go over the first solution, which covers both Windows’ SSH terminal and some SSH clients such as the OpenSSH client. After that, we’ll cover how to fix the error in PuTTY since it is the most popular and commonly used SSH client in the world.
This solution works for the basic Windows SSH Terminal, and some but not all SSH clients. Following the steps to fix remote host identification has changed the error.
Step 1: Accessing the User Folder
First, you need to access your User Folder. To do so, Hold the Windows key and press R. Then type in the following command:
Here, you will see the “.ssh” folder. Head into it and look for the “known_hosts” file. Once you find it, you need to open it with Notepad.
Step 3: Remove the Faulty Key
Inside the “known_hosts” file that you just opened with a notepad, you will see a list of keys that your SSH protocol uses to establish remote access connections. Locate the faulty key using the error code and simply delete it. Close the Notepad and save the changes, and you are done.
Many users prefer to use the PuTTY SSH client. If you are facing this error in PuTTY, the solution is rather different. The overall solution remains the same. However, the keys are stored in a different place. To locate the key that is causing the error, follow the following steps:
Step 1: Open Windows Registry
You can access the Windows Registry in two different ways. The first way is to once again hold the Windows key and press R. This time, however you want to enter this command line:
The second way to access the Windows Registry is to simply click on the windows icon in the bottom left corner and search for “regedit,” and open the program from there. Either case, now you can go to the next step.
Step 2: Find the Keys in Windows Registry
In the top search bar, look for the following directory:
Here, you will again see a list of keys that your PuTTY SSH client uses to establish a remote access connection. Again refer to the error code and find the faulty key. Right-click and simply delete the mentioned key. Congratulations, you have just fixed the “Warning: Remote Host Identification Has Changed” error on PuTTY on your Microsoft Windows.
Solution for Linux
There are three different solutions for the “Warning: Remote Host Identification Has Changed” error. All of these solutions involve using the Linux Terminal on whatever distro you’re using. So bring up the Terminal, and let’s get to putting in some commands.
Method 1:Use SSH-Keygen Commands
This method will have you run three consecutive commands that will use the SSH-Keygen method to quickly fix the error.
Step 1: Run the Commands
In the Terminal, place these three commands one by one in order and press enter after each command to perform them:
Ssh-keygen -R hostname
ssh-keygen -R ipaddress
ssh-keygen -f “~/.ssh/known_hosts” -R “VPS_IP”
This will refresh the “known_hosts” File and eliminate any keys that might be causing the problem.
Method 2: Removing the Old Key
In this method, we will use a text editor of your choice (like nano) to open the “known_hosts” and take care of the faulty key that way. Follow the steps.
Step 1: Open the “known_hosts” File with a Text Editor
Locate your “known_hosts” folder via the Terminal and open it with any text editor that you may have at your disposal. You can use the error itself to locate your folder. Usually, the folder will be in the following directory:
Step 2: Edit the “known_hosts” File
Find line that contain fingerprint of that VPS. Usually you can find it on the error and then remove line, then save and exit from nano.
Now you can close the editor, and your problem will be solved.
Method 3: Using SSH stricthostkeychecking Options
This solution only requires you to enter a simple command once, and then you’ll be done. We are going to be using the SSH stricthostkeycheckinh option for this solution to quickly take care of the “Warning: Remote Host Identification Has Changed” error.
Entering this option ssh command will not check ~/.ssh/known_hosts file so if MITMA happening you’re not going to be aware about it.
Step 1: Run the Command
Simply place the following command in the Terminal and hit Enter:
ssh <device IP address> -o stricthostkeychecking=no
This command will quickly remove the old host key in the “known_hosts” File and replace it with a newly generated key. Following this, you should not face any errors.
Despite its old age, SSH is an increasingly important remote access protocol that enjoys continued use well into 2023. Many VPS providers use SSH as one of the primary remote access protocols to provide their services to their clients. Naturally, if the key used in the SSH connection is compromised in any way, it will be harmful both for the provider as well as the client. So if you encountered the “Warning: Remote Host Identification Has Changed” error, it is vital to take care of it as quickly as possible.
If you use SSH as a remote access protocol a lot, then chances are you also have dealings with VPS. If so, do consider using Cloudzy as your premier VPS provider. Cloudzy’s VPS services have a host of different protocols at their disposal, including SSH and RDP. Cloudzy offers customized VPS packages that come with a host of different OS options pre-configured, from different Linux distros to Windows and even DDoS protected VPS services. Cloudzy offers more than 15 different locations, an uptime of 99.95%, cloud support, minimal latency, dedicated resources, and a guaranteed seven-day money-back guarantee.
Benefit from our affordable VPS hosting for various use-cases, including hosting websites or games, trading, remote desktop server, and app development & testing.
Benefit from our affordable VPS hosting for various use-cases, including hosting websites or games, trading, remote desktop server, and app development & testing.Get a High-efficiency VPS
Should I Take the “Warning: Remote Host Identification Has Changed” Error Seriously?
Yes. This error indicates that your security is compromised and that one of the keys that your SSH protocol is using to establish a remote access connection is potentially corrupted. Unless you have made certain changes to your server or account recently, take the issue seriously and consider yourself under an online attack.
What Causes the “Warning: Remote Host Identification Has Changed” Error?
When the unique fingerprint of your server does not match what was stored in your known_hosts File when you first connected, the “Warning: remote host identification has changed” error occurs. You may have caused this yourself with a recent change, or there may be an actual man-in-the-middle attack happening using a different key than normal, and your SSH client is trying to warn you against it.
Can the “Warning: Remote Host Identification Has Changed” Error Happen on Different Operating Systems?
Yes. This error has to do with the SSH protocol itself, which emphasizes security which is the main reason that this error occurs. The error, therefore, can happen on a host of different OS options and even in cross-platform SSH connections. You can read the guide above to fix it on Linux, Windows, and macOS.