A secure internet connection is not just the ideal — it’s essential. In fact, we’re going to go as far as saying it’s the number one priority for your website. The “Warning: Remote host identification has changed” error protects your connection from certain malicious attacks, although in some cases, you can inadvertently cause the error too.
The error is related to your Secure Shell (SSH) keys and the server “fingerprint” a client will check for. If Secure Shell thinks there’s an issue, it will block access to your server and throw an error. But you can fix this in a few steps.
Over the next few minutes, we’re going to show you how to fix the “Warning: Remote host identification has changed” error for both Windows and Mac. First, though, let’s give you some more details on the error message itself.
A secure internet connection is not just the ideal — it’s essential 💪 While it may be annoying, this error protects your connection from attacks. 🙅♀️ Learn more ⬇️Click to Tweet
What the “Warning: Remote Host Identification Has Changed” Error Is
One of the most secure ways to connect to a web server is to use SSH. It’s a command-line tool that lets you access an insecure network securely. Consider it like a “super-SFTP” type of setup, although it’s not a 1:1 comparison in practice.
You can access your site from almost anywhere you can use the internet, as long as you have the right login credentials. What’s more, most macOS and Linux machines have an SSH client built into the Operating System (OS). For Windows, you’ll use a dedicated interface (and we’ll talk about this in more detail later).
As for the “Warning: Remote host identification has changed” error, it relates to the security checks your client will do. An SSH connection uses dedicated “keys” — small files stored on your computer — as authentication. It’s sort of like a Secure Sockets Layers (SSL) handshake, and in fact, there are some high-level similarities between SSH and SSL.
One aspect the keys help with is to provide a permanent fingerprint of its host server. This will make sure the connection is accurate and that you’re not subject to a “machine-in-the-middle” attack.
If the client thinks those fingerprints differ from what it understands to be correct, you’ll get the “Warning: Remote host identification has changed” error at the point of login:
[user@hostname ~]$ ssh root@user
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx.
Please contact your system administrator.
Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for user has changed and you have requested strict checking.
Host key verification failed.As errors go, this is detailed and clear — it tells you what’s happened, a potential reason for why, and how you might fix it.
However, there’s one aspect we can touch on a little further before showing you how to fix the “Warning: Remote host identification has changed” error.
How the known_hosts File Helps SSH Authentication
You’ll notice that the error message references a known_hosts file. The name should give you a clue as to what it contains, but for clarity, it’s a list of SSH remote hosts known to the computer. It’s used as a reference client file for the authentication process.
When you first connect to a server, you’ll often get a confirmation request through your interface, asking whether you want to connect. If so, this fingerprint will become part of your known_hosts file.
Of course, if the fingerprint differs from what is in the known_hosts file, this could indicate a malicious user is targeting you. In other cases, you may already know why there’s a difference, although it pays to be vigilant regardless.
How To Fix the “Warning: Remote Host Identification Has Changed” Error (on Windows and Mac)
You can work to fix the “Warning: Remote host identification has changed” error for both Windows and macOS. However, you have more flexibility for doing so on Mac.
We’ll cover lots of the ways you can make things right again, starting with Windows.
1. Windows
It’s important to note that Windows machines might not have a known_hosts file. However, if you use the OpenSSH client, there is a file. To find it, open the Windows search bar, and navigate to your user folder with the %USERPROFILE% command.
This will open the directory within the File Explorer. There will also be a .ssh folder within:
The file we want in this folder is known_hosts. You can open this with Notepad (or your favorite text editor). Inside will be a list of keys:
Here, you can delete the key that’s causing the problem, then resave the file.
Some users may prefer the PuTTY client. The keys sit in the Registry, although they perform the same purpose as OpenSSH.
You’ll want to open the Windows Registry Editor (otherwise known as “regedit”). You can do this in whatever way you’re comfortable, but the quickest way is to type the app’s name into Window’s search bar:
Here, look for the following destination within regedit:
HKEY_CURRENT_USER/Software/SimonTatham/PuTTY/SshHostKeys/You’ll see a list of entries here relating to the saved connections on your computer. Your job is to delete whichever one is causing an issue:
Once you click on the Delete button, you’ll also need to confirm that you want to remove the key:
Clicking Yes here means the key will be gone for good, and you shouldn’t get the “Warning: Remote host identification has changed” error any longer.
2. Mac
The Mac has a couple of ways to fix the “Warning: Remote host identification has changed” error — either through a premium app such as SSH Config Editor or the Terminal. The results will be the same, so we advise you to choose whichever option is more comfortable (and budget-friendly).
Our preferred approach is to access the file within a Terminal window (or iTerm2 if you use that app), and also open it with a dedicated Nano or Vim editor. This is because it’s accessible to everyone and straightforward to use regardless of your experience level.
Here, we’re going to use Nano. First, open your Terminal using whatever process is most comfortable:
From here, run the nano ~/.ssh/known_hosts command in your window. This will open a new Nano instance and display the keys within your known_hosts file:
You should delete the key causing the “Warning: Remote host identification has changed” error, then save your changes.
You might also want to delete the entire known_hosts file, especially if you only use SSH for one or two sites. To do this, you can run rm .ssh/known_hosts in a Terminal window.
There’s one more method to alter the known_hosts file on Mac: using the ssh-keygen utility from the command line. This is great if you don’t want to dig into the file itself, or if you want to work with only one site or key.
To achieve this, open a Terminal window and run ssh-keygen, followed by your server hostname. For example:
ssh-keygen -R server.example.comThis won’t ask you if you want to delete the specified lines, so make sure you’re removing the right ones before proceeding:
Once this is done, you shouldn’t get the “Warning: Remote host identification has changed” error from there on out.
Ever seen this error? 😅 It’s not always a bad thing (it’s protecting your connection from malicious attacks!), but it can be accidentally caused by your own activity. 😬 Learn more in this guide ⬇️Click to Tweet
Summary
Web security isn’t just about installing plugins and creating a strong password. The connections you use to log into servers need your utmost attention. If you don’t want to be subject to a machine-in-the-middle attack, you’ll want to use SSH access when you log in.
However, the system works almost too well. You may get the “Warning: Remote host identification has changed” error for a few reasons, and some are innocent.
Regardless, you can fix the error in no time through a Command Prompt or Terminal, using just a handful of commands.
The problem is that you’ve previously accepted an SSH connection to a remote computer and that remote computer’s digital fingerprint or SHA256 hash key has changed since you last connected. Thus when you try to SSH again or use github to pull code, which also uses SSH, you get an error. Why? Because you’re using the same remote computer address as before but the remote computer is responding with a different fingerprint. Therefore, it’s possible that someone is spoofing the computer you previously connected to. This is a security issue.
If you’re 100% sure that the remote computer isn’t compromised, hacked, being spoofed, etc then all you need to do is delete the entry in your known_hosts file for the remote computer. That will solve the issue as there will no longer be a mismatch with SHA256 fingerprint IDs when connecting.
On Mac here’s what I did:
1) Find the line of output that reads RSA host key for servername:port has changed and you have requested strict checking. You’ll need both the servername and potentially port from that log output.
2) Back up the SSH known hosts file cp /Users/yourmacusername/.ssh/known_hosts /Users/yourmacusername/.ssh/known_hosts.bak
3) Find the line where the computer’s old fingerprint is stored and delete it. You can search for the specific offending remote computer fingerprint using the servername and port from step #1. nano /Users/yourmacusername/.ssh/known_hosts
4) CTRL-X to quit and choose Y to save changes
Now type ssh -p port servername and you will receive the original prompt you did when you first tried to SSH to that computer. You will then be given the option to save that remote computer’s updated SHA256 fingerprint to your known_hosts file. If you’re using SSH over port 22 then the -p argument is not necessary.
Any issues you can restore the original known_hosts file: cp /Users/yourmacusername/.ssh/known_hosts.bak /Users/yourmacusername/.ssh/known_hosts
Для работы проектов iXBT.com нужны файлы cookie и сервисы аналитики.
Продолжая посещать сайты проектов вы соглашаетесь с нашей
Политикой в отношении файлов cookie
Если вы работали с GitHub по SSH и вдруг встретились с ошибкой @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @, у меня для вас две новости: хорошая и плохая. Хорошая: ошибку исправить можно. Плохая: придётся немного заняться камасутрой.
24 марта 2023 года GitHub изменил свой серверный SSH ключ из-за кратковременной утечки внутренней информации компании. Простыми словами, они выложили не тот файл не в то место, но быстро среагировали и написали об этом.
Фанаты сервиса могли прочитать новость в блоге компании. Но если вы не фанат GitHub, то вы, скорее всего, узнали об этом из страшного сообщения в консоли при попытке взаимодействия со своим репозиторием на сайте:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
В официальном сообщении из блога GitHub предлагают такое вот решение:
1. Удалить старые ключи простой командой:
$ ssh-keygen -R github.com
2. Затем вручную добавить следующую строчку в файл known_hosts:
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
Файл known_hosts располагается:
- ~/.ssh/known_hosts в ОС семейства Linux
- C:\Users\USERNAME\.ssh в ОС Winodws
Если вы работаете на Linux, можно поступить ещё проще — выполнить две команды:
$ ssh-keygen -R github.com
$ curl -L https://api.github.com/meta* | jq -r '.ssh_keys | .[]' | sed -e 's/^/github.com /' >> ~/.ssh/known_hosts
Но если вы используете Windows, велика вероятность того, что официальная инструкция вам нихрена не поможет. Мне не помогла, даже после ручного редактирования файла known_hosts пуш в GitHub по SSH у меня не получился.
Короче, официальный метод не работает. Что делать дальше? Поскольку я значительно глупее чем Chat GPT 4, мне потребовалось несколько часов, много нецензурных ругательств и тонна нервных клеток, чтобы найти решение.
1. Установите сервер Open SSH. Перейдите в: Параметры системы (звёздочка в меню пуск) > Приложения и возможности > Управление дополнительными компонентами > Добавить компонент > Сервер OpenSSH
2. Дождитесь завершения установки. Если при установке произошёл сбой, проверьте, возможно у вас уже есть установленный сервер OpenSSH в папке C:\Windows\System32\OpenSSH. Честно сказать, не припоминаю, чтобы я что-то такое выполнял при первоначальной установке Git.
3. Затем настраиваем переменные среды — подсказываем системе, где искать SSH-сервер. Правой кнопкой мыши на «Мой компьютер» > свойства > Дополнительные параметры системы > Переменные среды > Создать переменную. Можно создать на уровне пользователя, а можно на уровне системы, без разницы.
4. Создайте переменную с именем GIT_SSH и значением C:\Windows\System32\OpenSSH.
5. Проверьте работоспособность SSH-сервера. Откройте Powershell под администратором И выполните последовательно команды:
> Get-Service ssh-agent
Status Name DisplayName
------ ---- -----------
Stopped ssh-agent OpenSSH Authentication Agent
Команда проверит, где располагается служба SSH-сервера.
> Get-Service ssh-agent | Select StartType
StartType
---------
Disabled
Команда покажет статус службы SSH-сервера. В ответ можно получить три варианта ответа: Disabled — служба остановлена, Manual — служба запускается вручную и Automatic — служба запускается автоматически. Дальше необходимо указать то, как служба будет запускаться.
> Get-Service -Name ssh-agent | Set-Service -StartupType Automatic
Укажите любой желаемый вариант. Я предпочитаю не думать и дать службе запускаться автоматически. То же самое можно выполнить из меню управления службами Windows.
6. По идее на этом шаге всё, можно бежать клонировать репозитории по SSH. Но мне пришлось потупить ещё немного.
7. Сперва пришлось запустить сам SSH-агент так, чтобы система его обнаружила.
Часто рекомендуют сделать это при помощи следующей команды:
eval "$(ssh-agent)"
Но вы им не верьте, это команда для Linux, в Винде она не работает. Поэтому используйте вот эту команду:
ssh-agent bash
8. И вот теперь можно добавить SSH-ключ стандартной командой:
ssh-add <путь-до-ключа>
9. Если команда не сработала, а вы уже на взводе, есть решение. Идите в диспетчер задач и остановите все-все сервисы ssh.
Затем повторите шаги 7-8.
10. Если система всё ещё упорно отказывается воспринимать ключи, придётся действовать радикально. Идите в каталог C:\Users\USERNAME\.ssh и снесите всё к чёртовой бабушке.
Заново создайте в папке файл с именем known_hosts без расширения, добавьте в него строки, предоставленные GitHub:
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
Я не стал запариваться, просто скопировал все три строки и вставил их в пустой файл.
11. Затем я снова остановил все SSH-агенты и заново выполнил команду:
ssh-add <путь-до-ключа>
Теперь всё заработало. Надеюсь, эта инструкция вам помогла.
Инструкция, как сгенерировать SSH-ключ уже любезно предоставлена GitHub по ссылке.
- * — Социальные сети Instagram и Facebook принадлежат компании Meta и запрещены в РФ. Компания Meta признана экстремистской организацией на территории Российской Федерации.
Linux
- 03.04.2018
- 27 421
- 4
- 12.03.2019
- 27
- 27
- 0
- Содержание статьи
- Описание ошибки
- Причина возникновения ошибки
- Как ее исправить
- Комментарии к статье ( 4 шт )
- Добавить комментарий
Данная ошибка может появляться при попытке подключения к другому компьютеру через ssh и sftp протоколы.
Описание ошибки
Полностью она выглядит так:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:5VLqurxCsGZoX78FWhcaEQkHwAtq+Xzp1tBfOxKQQzE.
Please contact your system administrator.
Add correct host key in /home/ajiekceu4/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/ajiekceu4/.ssh/known_hosts:5
remove with:
ssh-keygen -f «/home/ajiekceu4/.ssh/known_hosts» -R sysadmin.ru
ECDSA host key for sysadmin.ru has changed and you have requested strict checking.
Host key verification failed.
Причина возникновения ошибки
Как видно из описания, данная ошибка может появляться в том случае, когда на устройстве, к которому вы пытаетесь подключиться, изменился ключ и он не совпадает с тем ключом, который вы уже получали ранее, когда осуществляли подключение к этому устройству в предыдущие разы. Причины могут быть разные:
- Был изменен сертификат на устройстве и соответственно поменялся ECDSA ключ (из соображений безопасности, например);
- Переустановлена ОС на устройстве и соответственно изменился сертификат;
- Кто то пытается вас обмануть;
Как ее исправить
Если вы точно знаете, что сертификат на удаленном устройстве, к которому вы пытаетесь подключиться изменился и это не попытка вас обмануть со стороны заинтересованных лиц, то исправить эту ошибку очень просто. Необходимо просто удалить текущий ключ для данного домена (в нашем примере sysadmin.ru), сделать это можно командой, которая описана в самом тексте ошибки:
ssh-keygen -f "/home/ajiekceu4/.ssh/known_hosts" -R sysadmin.ruВ случае успеха, вывод команды должен быть примерно таким:
# Host sysadmin.ru found: line 10
/home/ajiekceu4/.ssh/known_hosts updated.
Original contents retained as /home/ajiekceu4/.ssh/known_hosts.oldПосле этого, необходимо еще раз попытаться подключиться к удаленному хосту и подтвердить установку нового ключа, написав «yes»
ssh root@sysadmin.ru
The authenticity of host 'sysadmin.ru (88.99.12.44)' can't be established.
ECDSA key fingerprint is SHA256:5VLaarxCsGZcv78FWphaEQkHwAtq+Zzp1tBfOXKQQzE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sysadmin.ru' (ECDSA) to the list of known hosts.
Posted:
13 Jun, 23
Updated:
29 Jun, 23
by Susith Nonis
4 Min
List of content you will read in this article:
If you’re receiving the dreaded «Warning: Remote Host Identification Has Changed» message, don’t panic. It may seem like your remote server has gone rogue and changed its identity, but fear not — this error is fixable. Whether you’re working from home or the office, we’ve got you covered with our easy-to-follow guide. You’ll be back to access your remote server confidently without warning messages throwing you off track. So, buckle up and get ready to take control of your server with our step-by-step solution.
What is the “Remote Host Identification Has Changed” Error?
Picture this: you’re working away on your remote server, feeling like a tech-savvy superhero, when suddenly, you’re hit with a warning message that seems to be written in another language. «Remote Host Identification Has Changed» — what on earth could this mean? Well, fear not, my friend, as we’re here to break it down for you in a way that even your grandparents can understand.
This error occurs when your computer no longer recognizes the identity of the remote server you’re trying to connect to. It could be due to a change in the server’s IP address or the transfer of the server’s public key to a new computer. Whatever the reason, it’s fixable — so don’t throw in the towel just yet.
Now, you might be wondering why this error even matters. Well, my dear friend, think of it like this: it’s like going to a party and not being able to recognize the host. You might get uneasy and question whether you’re in the right place. The same goes for your computer — if it can’t verify the remote host’s identity, it might not allow you to connect, leaving you feeling lost and frustrated. But don’t worry; we’ll help you return to the party (aka your server) quickly.
🧲🧲Experience the power and flexibility of Windows VPS, the ultimate solution for seamless performance, unrivalled scalability, and effortless management.🧲🧲
How to Fix the “Remote Host Identification Has Changed” Error
We’ve been side-tracked for long enough. Let’s get into how to fix this error on Windows and MacOS.
Windows
- Open a command prompt or PowerShell window as an administrator.
- Type “ssh-keygen -R [hostname or IP address]” and press Enter, where [hostname or IP address] is the name or address of the remote host that has changed its key. This command removes the old key from your known host file.
- Connect to the remote host again using SSH, and accept the new key when prompted. Alternatively, you can use the “ssh-keyscan” tool to retrieve the new key and add it to your known hosts’ file manually.
MacOS
- Open a terminal window on your macOS system.
- Type “ssh-keygen -R [hostname or IP address]” and press Enter, where [hostname or IP address] is the name or address of the remote host that has changed its key. This command removes the old key from your known host’s file.
- Connect to the remote host again using SSH, and accept the new key when prompted. Alternatively, you can use the “ssh-keyscan” tool to retrieve the new key and add it to your known host’s file manually. You can also manually edit your known host file using a text editor and remove the old key.
Conclusion
- The «Warning: Remote Host Identification Has Changed» error is an SSH error message indicating a change in the identity of a remote host.
- Various factors, including reinstallation of the operating system, changes in the network infrastructure, or a man-in-the-middle attack, can cause this error.
- To fix this error, users can manually edit the known_hosts file, remove the old host key, replace it with the new one, or add the new key to the file through the ssh-keyscan command.
People also read:
- Install OpenSSH Server and Client on Windows
- How to Connect to SSH with Private Key
- SSH Terminal for Mac/Windows/Linux
- The ultimate guide to manage your files via SSH