When you SSH to another remote Linux/Unix machine, you may encounter the message WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!. It is a message we often see when working on Linux machines.
In this post we explain the reason for this warning and its solution.
root@tuxworld:/tmp# ssh 10.10.0.16
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
13:f2:a2:87:ff:79:e5:92:79:b4:10:51:53:c2:fb:60.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:11
  remove with: ssh-keygen -f "/root/.ssh/known_hosts" -R 10.10.0.16
RSA host key for 10.10.0.16 has changed and you have requested strict checking.
Host key verification failed.
root@tuxworld:/tmp#
Why does it happen?
Answer: Because the fingerprint information saved in the known_hosts file on your system does not match the fingerprint of the host key sent by the server.
Where is the fingerprint info?
Answer: It is shown in the error message itself. For example, look at this part of the error message above:
The fingerprint for the RSA key sent by the remote host is
13:f2:a2:87:ff:79:e5:92:79:b4:10:51:53:c2:fb:60.
How to Solve – “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED”
Once you have confirmed that the host key really has changed (the warning itself says this can also indicate a man-in-the-middle attack), you have to delete the offending line from the ~/.ssh/known_hosts file.
See line no. 12 in the message above: “Offending ECDSA key in /root/.ssh/known_hosts:11”.
The number 11 at the end of that line is the line number in known_hosts that you have to delete.
Here we will use the vi editor to jump directly to that line number:
vi +11 ~/.ssh/known_hosts
The cursor will automatically move to that line number. You only have to type dd in the vi editor to delete the line, and then type :wq to save and exit.
dd
:wq
Or, if you forgot to give the line number to the vi command in the terminal: after opening the ~/.ssh/known_hosts file, type :set nu and it will show you line numbers. See the image below.
Now move your cursor with the arrow keys to the start of the line. In this example we go to line number 11.
Then repeat the same step: type dd and :wq to save and exit.
dd
:wq
Now SSH to the server again; the issue will be gone. It will ask you again to accept the fingerprint value and add it to the known_hosts file.
See the screenshot below: this time the fingerprint value is different (i.e. 13:f2:a2:87:ff:79:e5:92:79:b4:10:51:53:c2:fb:60).
Another command to remove the key if you have the remote IP address, system hostname or FQDN
There is another command to remove the SSH key from the known_hosts file.
For example:
With hostname or FQDN
ssh-keygen -R server1.example.com
or
ssh-keygen -f ~/.ssh/known_hosts -R server1.example.com
Example with IP address
ssh-keygen -R 10.0.0.29
or
ssh-keygen -f ~/.ssh/known_hosts -R 10.0.0.29
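The following Python example is added here and is not part of the original post. It shows the check to make before deleting an entry: find the known_hosts lines that conflict with the key the server now presents (including hashed host names, which is why hunting for the IP by eye can fail where ssh-keygen -R works), and only approve the replacement when the new key matches a fingerprint obtained out of band. The function names, verdict strings and sample key blobs are assumptions constructed for the example.

```python
import base64, hashlib, hmac

def fingerprints(key_b64):
    """(MD5 colon-hex as printed in the warning, SHA256 as newer OpenSSH prints)."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def hash_host(host, salt):
    """HashKnownHosts field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (plain list or hashed) names this host."""
    if field.startswith("|1|"):
        return field == hash_host(host, base64.b64decode(field.split("|")[2]))
    return host in field.split(",")

def review(known_hosts, host, key_type, key_b64, trusted_fp):
    """Return (verdict, line numbers of entries that conflict with the presented key)."""
    offending = []
    for n, line in enumerate(known_hosts.splitlines(), 1):
        f = line.split()
        if len(f) < 3 or f[0][0] in "#@":   # skip blanks, comments, @markers
            continue
        if host_matches(f[0], host) and f[1] == key_type and f[2] != key_b64:
            offending.append(n)
    if not offending:
        return "no-conflict", offending
    # Approve replacing the entry only when the new key matches a fingerprint
    # obtained out of band (server console, administrator, config management).
    ok = trusted_fp in fingerprints(key_b64)
    return ("replace-entry" if ok else "do-not-connect"), offending

# Constructed sample data: placeholder blobs, not real host keys.
OLD_KEY = base64.b64encode(b"constructed-old-host-key").decode()
NEW_KEY = base64.b64encode(b"constructed-new-host-key").decode()
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "server1.example.com,10.0.0.29 ssh-rsa " + OLD_KEY,
    hash_host("10.10.0.16", b"constructed-salt-20b") + " ssh-rsa " + OLD_KEY,
])

if __name__ == "__main__":
    trusted = fingerprints(NEW_KEY)[0]   # stands in for the out-of-band value
    print(review(SAMPLE, "10.10.0.16", "ssh-rsa", NEW_KEY, trusted))
```

The line numbers it returns are the same ones the warning reports after known_hosts: and that vi +N jumps to.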
We have also explained SSH key fingerprints in this post – “How to know public key fingerprint”