ssh remote host identification has changed

Question

I ve reinstalled my server and I am getting these messages    user hostname     ssh root pong                                                                  WARNING  REMOTE HOST IDENTIFICATION HAS CHANGED                                                                    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY  Someone could be eavesdropping on you right now  man-in-the-middle attack   It is also possible that a host key has just been changed  The fingerprint for the RSA key sent by the remote host is 6e 45 f9 a8 af 38 3d a1 a5 c7 76 1d 02 f8 77 00  Please contact your system administrator  Add correct host key in  home hostname   ssh known hosts to get rid of this message  Offending RSA key in  var lib sss pubconf known hosts 4 RSA host key for pong has changed and you have requested strict checking  Host key verification failed    I have tried various solutions that I found on the Internet  My known hosts file  normally in    ssh known hosts  is in  var lib sss pubconf known hosts  I ve tried to edit it  but it remains in one state  I have installed ipa-client and have Fedora 19  How do I resolve this warning   All the answers answered so far work only if you do not have Freeipa installed   The right answer for freeipa in comments below from adrin is here

User · Answer

For Mac users  you can use the -R flag of the ssh-keygen command  Quick example   ssh-keygen -R THE IP ADDRESS   THE IP ADDRESS being the IP you re trying to ssh into  And then you can connect fine

User · Answer

Simply clear the known hosts which is present in  home  username   ssh known hosts vi  home  username   ssh known hosts   remove every line inside known hosts and exit after that you will be able to login  OR run this command ssh-keygen -R  quot hostname ip address quot

User · Answer

Only client side problem duplicate key for ip    Solve variants   For clear one ip default port 22    ssh-keygen -f -R 7 7 7 7   For one ip non default port    ssh-keygen -f -R 7 7 7 7 333   Fast clear all ips   cd    rm  ssh known hosts   7 7 7 7 - ssh your server ip connect  333 - non standart port

User · Answer

If you are trying to connect to running docker container on port 2222 with the command and you get the error  mian tdowrick2   ssh pos localhost -p 2222   Then to solve this problem  on your local computer  i e  host machine not container  go to cd    ssh  and open known hosts file with text editor  Remove the line starting with  localhost  2222 and save the file  Now try to ssh again     mian tdowrick2   ssh pos localhost -p 2222   Error will disappear but you have to do it each time the container restart

User · Answer

I had the same error in my machine  and I clear the known hosts file  and after that  it works fine

User · Answer

I had this same error occur after I recreated a Digital Ocean Ubuntu image  I used the following command with my server IP in place of  IP ADDRESS   ssh-keygen -R  IP ADDRESS

User · Answer

updated your ssh key  getting the above message is normal  Just edit    ssh known hosts and delete line 4  as the message pointed you Offending RSA key in  Users isaacalves  ssh known hosts 4  or use ssh-keygen to delete the invalid key ssh-keygen -R  quot you server hostname or ip quot

User · Answer

I had this problem  and the reason is very simple  I have a duplicated IP address to ssh login  so after modify this problem  everthing is solved

User · Answer

When you reinstall the server its identity changes  and you ll start to get this message  Ssh has no way of knowing whether you ve changed the server it connects to  or a server-in-the-middle has been added to your network to sniff on all your communications - so it brings this to your attention   Simply remove the key from known hosts by deleting the relevant entry   sed  4d  -i  var lib sss pubconf known hosts   The 4d is on the account of Offending RSA    known hosts 4

User · Answer

Simple one-liner solution  tested on mac   sed   212 156 48 110 d     ssh known hosts  gt     ssh known hosts   Deletes only the target ssh host IP from know hosts   where 212 156 48 110 is replaced by the target host IP address   Cause  Happened because the target IP was already known for a different machine due to port forwarding  Deleting the target IP before connecting will fix the issue

User · Answer

AWS EC2   Find the ip in the message it gives you   run  vim  home ec2-user  ssh known hosts   Use the arrow keys to find the ip from the message and click   dd   This will delete that line then run escape   wp   This will save then you are good to go

User · Answer

As many have already said  use ssh-keygen  i e   ssh-keygen -R pong   Also  you may like to consider temporarily turning off host key checking   ssh -oStrictHostKeyChecking no root pong

User · Answer

In my case it happened because I previously had ssh connection with a machine with same ip say 192 152 51 10  and the system was considering the RSA key stored in  home user name  ssh known hosts  of the previous host which resulted in mismatch   To resolve this issue  you have to remove previously stored RSA key for the ip 192 152 51 10   ssh-keygen -f   home user name  ssh known hosts  -R 192 152 51 10

User · Answer

The sledgehammer is to remove every known host in one fell swoop   rm    ssh known hosts     I come up against this as we use small subnets of short-lived servers from a jump box  and frequently have internal IP address reuse of servers that share the same ssh key

User · Answer

Works for me   Error  Offending RSA key in  var lib sss pubconf known hosts 4  This indicates you have an offending RSA key at line no  4 Solution 1   1  vi  var lib sss pubconf known hosts 2  remove line no  4  3  Save and Exit  and Retry   Solution 2   ssh-keygen -R  quot you server hostname or ip quot   OR Solution 3   sed -i  4d   root  ssh known hosts  This will remove 4th line of  root  ssh known hosts in place -i

User · Answer

SOLUTION   1- delete from   HOME  ssh known hosts  the line referring to the host towards which is impossible to connect   2- execute this command  ssh-keygen -R  IP ADDRESSorHOSTNAME   substitute  IP ADDRESSorHOSTNAME  with your destination ip or destination hostname   3- Retry ssh connection  if it fails please check permission on  ssh directory  it has to be 700

User · Answer

Edit  home hostname   ssh known hosts and delete the 4 lines  and save it    Then run ssh root pong again  you will see message like this Are you sure you want to continue connecting  yes no   yes  just print yes      Note  If you got some problem  read the hints first  it will help

User · Answer

Sometimes  if for any reason  you need to reinstall a server  when connecting by ssh we will find that you server say that the identification has changed  If we know that it is not an attack  but that we have reinstated the system  we can remove the old identification from the known hosts using ssh-keygen   ssh-keygen -R  lt host ip hostname gt  root  ssh known hosts updated  Original contents retained as  root  ssh known hosts old   When connecting again we will ask you to validate the new fingerprint   ssh -l user  lt host ip hostname gt  The authenticity of host   lt host ip hostname gt   can t  be established  RSA key fingerprint is 3f 3d a0 bb 59 24 35 6d e5 a0 1a 3f 9c 86 81 90  Are you sure you want to continue connecting  yes no   yes

User · Answer

Here is the simplest solution   ssh-keygen -R  lt host gt    For example   ssh-keygen -R 192 168 3 10   From ssh-keygen man page    -R hostname Removes all keys belonging to hostname from a known hosts file   This option is useful to delete hashed hosts  see the -H option above

User · Answer

This is because your remote computer settings have changed  Remove your current keys for that   vim  root  ssh known hosts   Delete the line of the IP you are connecting

User · Answer

I used the solution of mockinterface  though the sed -i didn t quite work I solved it by deleting the line by hand with vim   sudo vim  var lib sss pubconf known hosts   You can use any other text editor you want  but probably you ll need to show your administrative privileges

User · Answer

Just do   cd  home user  ssh  -  here user will be your username  i e   home jon  for example    Then   gedit known hosts  amp  and delete the contents inside it    Now ssh again  it should work

User · Answer

The other answers here are good and working  anyway  I solved the problem by deleting    ssh known hosts  This certainly solves the problem  but it s probably not the best approach

User · Answer

Remove that the entry from known hosts using   ssh-keygen -R  ip address or hostname    This will remove the problematic IP or hostname from known hosts file and try to connect again   From the man pages      -R hostname   Removes all keys belonging to hostname from a known hosts file  This option is useful to delete hashed hosts  see the -H option   above

User · Answer

The problem is that you ve previously accepted an SSH connection to a remote computer and that remote computer s digital fingerprint or SHA256 hash key has changed since you last connected  Thus when you try to SSH again or use github to pull code  which also uses SSH  you get an error  Why  Because you re using the same remote computer address as before but the remote computer is responding with a different fingerprint  Therefore  it s possible that someone is spoofing the computer you previously connected to  This is a security issue    If you re 100  sure that the remote computer isn t compromised  hacked  being spoofed  etc then all you need to do is delete the entry in your known hosts file for the remote computer  That will solve the issue as there will no longer be a mismatch with SHA256 fingerprint IDs when connecting   On Mac here s what I did   1  Find the line of output that reads RSA host key for servername port has changed and you have requested strict checking  You ll need both the servername and potentially port from that log output   2  Back up the SSH known hosts file cp  Users yourmacusername  ssh known hosts  Users yourmacusername  ssh known hosts bak  3  Find the line where the computer s old fingerprint is stored and delete it  You can search for the specific offending remote computer fingerprint using the servername and port from step  1  nano  Users yourmacusername  ssh known hosts  4  CTRL-X to quit and choose Y to save changes  Now type ssh -p port servername and you will receive the original prompt you did when you first tried to SSH to that computer  You will then be given the option to save that remote computer s updated SHA256 fingerprint to your known hosts file  If you re using SSH over port 22 then the -p argument is not necessary   Any issues you can restore the original known hosts file  cp  Users yourmacusername  ssh known hosts bak  Users yourmacusername  ssh known hosts

User · Answer

My solution on UBUNTU  linux    1 You have to delete the content from  known hosts  file which is in   home YOUR USERNAME  ssh known hosts    2 Generate a new ssh key like  ssh-keygen -t rsa -C  your email example com  -b 4096   3 Copy-paste your new ssh key in your git repository  gitlab in my case  SSH keys   It works for me

User · Answer

Use this command   truncate -s 0  home SYSTEM NAME  ssh known hosts

User · Answer

My solution is    vi    ssh known hosts delete the line that contains your want connected ip    This is better than delete all of the known hosts

User · Answer

Use  ssh-keygen -R  hostname    Example with an ip address hostname would be   ssh-keygen -R 168 9 9 2   This will update the offending of your host from the known hosts  You can also provide the path of the known hosts with -f flag

[ssh] ssh remote host identification has changed

Examples related to ssh

Examples related to verification

Examples related to ipa

Examples related to man-in-the-middle