UCL Department of Electronic and Electrical Engineering
Staff/Student Intranet

Fix SSH "REMOTE HOST IDENTIFICATION HAS CHANGED" error

Why this occurs and how to fix it

This is a warning presented to you when the SSH software detects that you have connected to this hostname or IP address before, but the remote host does not appear to be the same host.

When a linux machine is installed it automatically generates a random set of SSH keys. When you connect to that host via SSH, a copy of the keys will be saved in your account and then compared against that host every time you try to connect. You will see the "REMOTE HOST IDENTIFICATION HAS CHANGED" error if the remote hosts ssh keys are different to the copy you have stored in your account.

The warning is displayed because this can indicate that you are not connecting to the machine that you think you are, but a change in SSH keys can also occur when the remote hosts operating system is reinstalled (usually when upgrading a major version - i.e. from CentOS 6.x to CentOS 7.x), or if a service has been moved to a new host.

The error you see will be something like this:

154 cuppatea.ee.ucl.ac.uk (lee) % ssh ssh
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
fd:a0:fe:a7:5c:04:13:66:b0:18:16:f9:f7:e0:ac:45.
Please contact your system administrator.
Add correct host key in /home/lheagney/.ssh/known_hosts to get rid of this message.
Offending key in /home/lheagney/.ssh/known_hosts:90
RSA host key for ssh has changed and you have requested strict checking.
Host key verification failed.

If you are concerned that you may be connecting to the wrong machine, please contact support@ee.ucl.ac.uk.

If you confident that you are connecting to the correct machine, then read the error message as it does actually tell you how to stop this error message from appearing again!

On a Linux host you will need to edit the file ~/.ssh/known_hosts and remove the line that starts with the hostname or IP address that you attempted to connect to.

This removes the "key" that identifies this host/IP. You will then be able to connect without a warning and the new key will be saved.

You can also delete your locally cached keys for this host by running the command: ssh-keygen -R hostname