How to solve “remote host identification has changed”?

Connecting to a remote server through SSH can sometimes lead to frustrating errors, one of which is the dreaded "Remote host identification has changed" warning. This warning can be alarming, but it’s crucial for security purposes as it helps protect against potential man-in-the-middle attacks. In this article, we’ll cover the causes behind this error, why it’s shown, and how to fix it.

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
3d:1b:02:9e:b2:b8:f0:f7:c6:4f:94:96:f6:e3:c0:d1.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:8
RSA host key for HOST has changed and you have requested strict checking.Host key verification failed.

In this short and sweet article, we will discuss everything about this warning including the major causes, why this warning is shown and how to solve this issue for now and in future too!

First of all, let us understand why this error is caused. Every server with SSH maintains it's own unique identity that is unique and is validated every time on a remote server as well as the local server.

So, what is the primary cause of the Remote host identification has changed warning? The warning can be generated by many reasons but 99% of the times, Operating system is re-installed on the remote server that will change its identity, and your local server has an old identity of your remote server. There might be some other causes too! Like remote server's Host key has been updated.

We can clearly see the issue here. Let's make it easier to understand, For instance, the identity of our remote server is IAMREMOTESERVER1101 that our local server knows. But when we re-install Operating system on the remote server, host key will be updated too which will change the identity of the remote server. Let's assume that its new identity is IAMREMOTESERVER1011 that our local server does not know.

So, when we try to connect with the same host with different identity information, our local server will warn us that we are not connecting to the server we are supposed to. In that way, remote host identification has changed warning is saving us from trouble.

The simplest solution to get rid of this warning is to remove the old identity of the remote server so that we can store the new identity of the remote server. And that's what we are going to do.

How to Fix the “Remote Host Identification Has Changed” Error

The simplest way to resolve this issue is by removing the outdated key from your local machine’s known_hosts file. Follow these steps:

1. Run the Command:

user@locahost:~$ ssh-keygen -R REMOTE_HOST

This command removes the old RSA key associated with the remote server from your known_hosts file.

2. Reconnect to the Server : After running the command, try connecting to the remote server again. You’ll be prompted with a “yes/no” question to accept the new host key, just like when you connected for the first time. Type "yes" and press Enter. This will store the new identity in your known_hosts file.

Once done, you should be able to connect to the remote server without any issues. However, note that if the remote server’s host key changes again in the future (due to an OS reinstallation or a key update), you’ll need to repeat this process.

Why Is This Warning Important?

While it might seem like an inconvenience, the "remote host identification has changed" warning is actually a security feature designed to prevent unauthorized access and man-in-the-middle attacks. It ensures that you are connecting to the server you expect, rather than a potentially malicious one pretending to be your server.

FAQ