Remote host identification has changed

Fix Error – Warning: “Remote Host Identification Has Changed”

SSH is a shell-based remote access protocol that is widely popular with developers and users who want to gain remote access to computers without the need for a graphical user interface or GUI.

Although SSH has been around for a long time and has performed flawlessly for countless users, it is still hampered by certain bugs that can frustrate users from time to time.

Many of these errors have become staples of the SSH community and their solutions are well known These errors include firewall inconsistencies, SSH public keys not being injected correctly, SSH file key mode problems, and of course, the subject of today’s post, the infamous “WARNING: Remote host identification has changed” error.

This error occurs on all major operating systems, including Windows, Linux, and macOS. Encountering this error can be particularly annoying because the source of the problem may be a legitimate security concern rather than a bug. This results in a novice user spending hours trying to fix errors to no avail. In this article, we’ll discuss why and how this happens, its impact on your SSH connection, and of course, how to fix the “Warning: Remote host identification has changed” error. But before we get to all that, let’s start with the basics.

What Is SSH?

SSH, also known as Secure Shell or Secure Sockets Shell, is a network protocol that enables users, especially system administrators, to securely access other computers on an unsecured network.

SSH is also used to refer to a number of different tools that help implement the protocol itself. Secure Shell allows for strong password and public key authentication, communicating encrypted data between two devices connected over a network such as the Internet. It’s commonly used by network administrators to remotely manage systems and software, enabling them to access other computers over a specific network, execute commands, and transfer files from one device to another.

SSH, therefore, refers to both the network protocol as well as the set of tools that implement it. SSH employs a server-client model. It connects an SSH application, which displays the session, to a server, which runs the session. Support for these application protocols used for terminal emulation and file transfer is usually included in SSH implementations. The default port for SSH protocol is standard TCP port 22.

What is the cause of the error?

This error mainly occurs when the fingerprint specified by the server does not match the data stored in the known_hosts file, then the “WARNING: remote host identification has changed” error occurs. This key frequently changes when you change your password or rebuild your VPS host. If these changes are made, your SSH software will detect a change in your connection and display a security error This is good because it helps you understand if a hacker is trying to attack you, for example, a man-in-the-middle attack.

During a man-in-the-middle attack (MITMA), the attacker will place a fake SSH server with an identical IP address between your connection and your server. They will then redirect network traffic to the actual SSH server. This will make the attack slide under the radar and you won’t detect their spying. To protect against such events, your SSH software will assume that a malicious online attack is unlikely If a hacker intercepts your connection, the server will detect that the unique certificate does not match.

It is important to note that the error may have a very real warning that it is trying to tell you So it is advised not to brush it off as just a minor flaw that needs to be bypassed The possibility of an online intrusion is quite real here, and you need to make sure there is no MITMA running against you.

Countering the threat: The first step

We have to be careful and keep in mind that there are real threats at play here. So here we are going to take some preliminary steps to ensure that the error is not caused by a genuine threat.

But how can I distinguish between a false alarm and a real MITMA? You should always be cautious unless there is an obvious reason to suspect a false flag. You will have more peace of mind if you have recently done the following:

  • You have recently changed your passcode or SSH private key
  • Your server has been rebuilt.
  • Several remote systems were assigned an identical IP address.
  • You decommissioned your server and then started another one with the previous IP.
  • Reinstall or switch your OS.

If any of these are true for you, you can be more confident that the error is a false positive and that there is no threat. Of course, you can do one or more of these things, and forget about it later when you try to log back into the VPS. If you share a virtual private server with others, other users may have made these changes without your knowledge. If you have any doubts, we recommend that you quickly check the logs of the SSH client you are using. This log page will usually display a complete list of recent major changes made to the server, along with their timestamps. If any of the above actions have occurred recently in your log, the error is likely a false red flag.

Once you are absolutely sure that there is no security issue behind the error, you can move on to removing it. Here we’ll go over how to do that for macOS, Windows, and Linux.

Solution for macOS

The error can be fixed on Mac using a premium app like SSH Config Editor or Terminal. Because the results will be the same, we recommend that you select the option that is most convenient for you. Our preferred approach is to open the file in a Terminal window (or iTerm2 if you use that app) and then open it in a dedicated editor like Nano or Vim. This is because it is easy to use and accessible to everyone, regardless of experience level. This will help you get rid of Remote Host Identification Has Changed error.

Method 1: Using Nano

Here we will use Nano to quickly access the terminal and remove the corrupted key. Follow the steps.

Step 1: Use Nano and open Terminal

First, open your terminal using whichever method suits you best.

Step 2: Access the file “known_hosts” and delete the key.

Run the following command:

nano ~/.ssh/known_hosts

This will open a new nano page that will show you all the keys in the “known_hosts” file. Again, read the error code to find the faulty key and simply delete it.

Method 2: Using MAC Terminal

If you don’t want to use an editor like nano, there is a more direct method to modify the “known_hosts” file. Follow the steps.

Step 1: Open the Terminal

On your MAC, open a Terminal tab and run the following command followed by your website or hostname. In this example I will use oudel.com to demonstrate:

ssh-keygen -R www.oudel.com

Step 2: Remove the keys

It is important that you manually note the faulty key and remove it from the terminal It will not ask you, and if you proceed without specifying, you will lose all keys So be careful. After you delete these keys, you should no longer encounter the error.

Solution for Windows

We are going to cover “Warning: Remote host identification has changed” error fix for Windows in this section. It’s important to note that there are different solutions to the error depending on whether you’re running your SSH connection in Windows’ built-in SSH terminal or whether you’re using an SSH client for Windows like Putty. First, let’s go over the first solution, which covers both the SSH terminal on Windows and some SSH clients such as the OpenSSH client. Next, we will cover how to fix the error in Putty as it is the most popular and commonly used SSH client in the world.

Vanilla

This solution works for basic Windows SSH terminals and some but not all SSH clients. Following the steps to fix remote host detection fixed the error.

Step 1: Accessing the user folder

First, you need to access your user folder. To do this, hold down the Windows key and press R. Then type the following command:

%USERPROFILE%

Step 2: Navigate to “known_hosts”.

Here, you will see the “.ssh” folder. Go to it and look for the “known_hosts” file. Once you find it, you have to open it with a notepad.

Step 3: Remove the faulty key

Inside the “known_hosts” file that you open with Notepad, you’ll see a list of keys that your SSH protocol uses to establish remote access connections. Identify the faulty key using the error code and delete it. Close Notepad and save the changes and you’re done.

PuTTY

Many users prefer to use Putty SSH client. If you encounter this error in Putty, the solution is rather different. The overall solution remains the same. However, the key is stored in a different location. To identify the key causing the error, follow these steps:

Step 1: Open the Windows Registry

There are two different ways you can access the Windows Registry. The first way is to hold the Windows key again and press R. This time, however, you’ll want to type this command line:

regedit

The second way to access the Windows Registry is to click on the Windows icon in the lower left corner and search for “regedit” and open the program from there. In any case, now you can move on to the next step.

Step 2: Find the keys in the Windows Registry

In the top search bar, find the following directory:

hkey_current_user/Software/SimonTatham/PuTTY/SshHostKeys/

Here, you’ll again see a list of the keys that your Putty SSH client uses to establish a remote access connection. Read the error code again and find the faulty key. Right-click and delete the mentioned key. Congratulations, you have fixed the “Warning: Remote host identification has changed” error in Putty on your Microsoft Windows.

Solution for Linux

There are three different solutions to the “Warning: Remote host identification has changed” error All of these solutions involve using a Linux terminal on the distro you’re using. So bring up Terminal, and let’s run some commands.

Method 1: Use the SSH-Keygen command

This method requires you to run three commands in a row which will quickly fix the error using the SSH-Keygen method.

Step 1: Run the Commands

In Terminal, put these three commands in sequence and press Enter after each command to execute them:

Ssh-keygen -R hostname
ssh-keygen -R ipaddress
ssh-keygen -f “~/.ssh/known_hosts” -R “VPS_IP”

This will refresh the “known_hosts” file and remove any keys that may be causing the problem.

Method 2: Removing the Old Key

In this system, we’ll use a text editor of your choice (such as Nano) to open “known_hosts” and take care of the faulty key that way. Follow the steps.

Step 1: Open “known_hosts” file with a text editor

Locate your “known_hosts” folder via Terminal and open it with any text editor you have handy. You can use the error itself to identify your folder. Typically, the folder will be in the following directory:

~/.ssh/known_hosts.

Step 2: Edit the “known_hosts” File

nano ~/.ssh/known_hosts

Find the line that contains the fingerprint of that VPS. Usually, you can find it in the error and then remove the line, then save and exit Nano.

Now you can close the editor, and your issues will be resolved.

Method 3: Using SSH stricthostkeychecking Options

This solution only requires you to enter a simple command once and then you’re done. We are going to use the SSH stricthostkeycheckinh option for this solution to quickly take care of the “Warning: The remote host identification has changed” error. Entering this option will cause the ssh command not to check the ~/.ssh/known_hosts file so you won’t be aware of MITMA if it occurs.

Step 1: Run the Command

Simply put the following command in Terminal and press Enter:

ssh <device IP address> -o stricthostkeychecking=no

This command will quickly remove the old hosts key in the “known_hosts” file and replace it with a newly created key. Following this, you should not face any error.

Conclusion

Despite its age, SSH is an increasingly important remote access protocol that will enjoy continued use until 2023. Many VPS companies use SSH as one of the primary remote access protocols to provide their services to their customers. Naturally, if the key used in the SSH connection is somehow compromised, it will be detrimental to both the provider as well as the client. So if you encounter “Warning: The remote host identification has changed” error, it’s very important to take care of it as soon as possible.