Updating SSH known hosts fingerprints (WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!)

If you’ve previously connected to an ssh server on a machine and reformatted or fundamentally changed the OS in some way, the RSA host key will have changed, causing ssh to throw up an ugly error as exhibited here:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
8b:ff:a1:b5:32:06:4d:fd:2e:2f:67:80:9e:ba:8d:ff.
Please contact your system administrator.
Add correct host key in /home/taylorg/.ssh/known_hosts to get rid of this message.
Offending key in /home/taylorg/.ssh/known_hosts:2
RSA host key for 192.168.1.100 has changed and you have requested strict checking.
Host key verification failed.

All the message says is that the fingerprint for the host that was previously stored no longer matches the target. If you know this is okay and want to clear out the error, the process is very simple – just remove the stored fingerprint.

You have a couple of options how to do this depending on your situation:
The first, preferable method would be to use ssh-keygen with the following syntax:

ssh-keygen -R hostname

Assuming all goes well, you should receive a message similar to this:

/home/taylorg/.ssh/known_hosts updated.

Alternatively, if ssh-keygen is not available for some reason, you can manually update the known_hosts file:

  1. Open up the known hosts file:
    nano ~/.ssh/known_hosts
  2. Delete the line containing the hostname of the server you’re trying to connect to (Ctrl+K). The name should be the left-most item on each line, or use Ctrl+W to search.
  3. Ctrl+O to save the file, then Ctrl+X to exit nano.

Try to ssh again (ssh username@hostname) and you should receive a message akin to the following:

The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
RSA key fingerprint is 8b:ff:a1:b5:32:06:4d:fd:2e:2f:67:80:9e:ba:8d:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts.

As the last message indicates, the ssh client will store the current fingerprint back into known_hosts, bypassing the warning for future connections.

8 thoughts on “Updating SSH known hosts fingerprints (WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!)

  1. @ Keith Morgan,

    I suggest if you need help understanding how SSH keys work and why you are getting those errors, then try doing a basic linux course. If you are still struggling, you could try stackexchange.com. I don’t think the point of this blog was to help inadequacies like yours or incompetent people. This post helped me and the others who have posted. To post comments like yours shows frustration. Frustration can happen when you don’t know what you are doing. So if you are reading this comment, and having taken a 101 basic linux computer course and still are struggling, just go do something else. You will struggle a whole heap more if you continue get in to other basic concepts.

  2. It’s not working. Hell I cant even get out of this nano…. And if i do and try to ssh back in I get the “warning,, someone id doinf something nasty””” ???? I dont know. I had it working so smooth. Then my xmbc started to give crazy errors about mirrors and dat 1 and 2 . So in my infinate wisdom i uninstalled xmbc and reinstalled/jailbroken atv2. All good but cannot ssh. Not good…

    help please

    Add correct host key in /Users/kgressm/.ssh/known_hosts to get rid of this message.
    Offending key in /Users/kgressm/.ssh/known_hosts:2
    RSA host key for 192.168.1.66 has changed and you have requested strict checking.
    Host key verification failed.

Leave a Reply

Your email address will not be published. Required fields are marked *

* Copy This Password *

* Type Or Paste Password Here *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current ye@r *