You try to log in to a server via SSH and get the message “Warning: Remote Host Identification has changed”. We’ll show you here what that means and how you can get rid of the warning so that you can log in again via SSH.
Meaning of the message: “Warning: Remote Host Identification has changed”
The message can be displayed if you want to log in to a computer (host/server) via SSH. In order to understand it exactly, you need to know how an SSH connection is normally established.
SSH fingerprint explained in simple terms
In contrast to HTTPS, with SSH there are no central certificate providers that confirm that you have connected to the correct server. So if you connecting to a server via SSH for the first time, the key offered by the server is still unknown to the client. You will therefore receive the message about the new fingerprint:
The authenticity of host ‚www.beispiel.de (192.168.178.41)‘ can’t be established.
ECDSA key fingerprint is SHA256:782DAg2VFu5wdfOF4RuFW04qMfVbahRfgk4Elsd.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
The fingerprint is intended to ensure that you are will connect to the correct server again in the future (unique identification). Corresponding servers usually have their fingerprint published somewhere, which can then be cross-checked.
The fingerprint is based on the host/server’s SSH public key and is also called “Public Key” called. This is usually located on the server /etc/ssh/ssh_host_rsa_key.pub saved. At the same time, the so-called Private-Key stored on the client, which is used for future logins to the server via SSH. The client creates an entry in the file “known_hosts“, which in Linux, for example, is in the folder /home/
However, this server fingerprint changes with the next connectionyou will get a message like:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
…
Why has the SSH fingerprint changed?
Typically, a server’s fingerprint should not change so easily. If this happens anyway, the following have reasons:
The public key has changed. This is what happens when… Reinstalled SSH on the server became. You are trying to connect to a completely different server, but which has the same domain or IP address. This happens, for example, if you change the microSD card in a Raspberry Pi and then want to log in via SSH to the same IP of the Raspberry. A different public key is stored on the other microSD card. You have been a victim of one Man-in-the-middle-Attacke and someone has redirected your connection attempt to another server, which could thereby access sensitive data such as your username and password. (Attention danger!)
Summary
If you receive a message that the server’s fingerprint has changed, check carefully that you are connecting to the correct server. If SSH has been reinstalled or you know why the fingerprint has changed, you can ignore the message and continue the SSH connection. If you are unsure, you should ask your system administrator or IT technician, if available.
Remote Host Identification has changed: Remove warning and connect via SSH
Only follow the steps below if you are sure you want to connect to the correct server!
If the message “Remote Host Identification has changed” appears, your computer (client) usually refuses the SSH connection to the server. Depending on the server you want to connect to via SSH, a solution will already be displayed under the warning in the terminal. For example, the Raspberry Pi says:
…
Add correct host key in /home/robert/.ssh/know_hosts to get rid of this message.
Offending ECDSA key in /home/robert/.ssh/known_hosts:5
remove with:
ssh-keygen -f “/home/robert/.ssh/known_hosts” -R “192.168.178.41”
…
Remember that you will have a different username and IP address. Change this accordingly for yourself. In the example above, the command is sufficient ssh-keygen -f “/home/robert/.ssh/known_hosts” -R “192.168.178.41” in the terminal and confirm with Enter.
The command removes all (old) SSH keys belonging to the host’s IP address. The -f parameter specifies the associated file where the known hosts are stored on the client. The “-R” parameter removes the entries for the server’s IP 192.168.178.41. In some cases it might just be enough for you ssh-keygen -R 192.168.178.41 or alternatively ssh-keygen -R www.beispiel.de to enter. You will receive the message that the file “known_hosts“ has been updated. A backup copy of the original may also have been created.
You can then establish the SSH connection with the server again. You will receive the message as with the first SSH connection (see above), where the fingerprint is shown. Confirms the connection with “yes” and presses Enter. If you do not have permission to perform the steps above, contact your system administrator.
GIGA recommends
More interesting articles
You don’t want to miss any more news about technology, games and pop culture? No current tests and guides? Then follow us on Facebook or Twitter.