SSH Remote Host Identification has changed Error and Fixes
Normally you see this message by remotely accessing via ssh on target systems like Cisco, Juniper or Linux/Unix for possible reasons like:
a.The target systems’ hostname or IP address have changed, and previously belong to a different server which of course has a different public key
b. Server’s public key has changed like SSH reinstallation or update, OS reinstallation or the ssh keygen was being re-run.
c. Can be related to security like unauthorized access or middle in the man attack is happening
Sample:
[tux@jumphost1 ~]$ ssh freelinux
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
2c:46:b0:b5:67:2b:a7:a9:89:5a:cd:13:ff:36:db:b2.
Please contact your system administrator.
Add correct host key in /home/tux/.ssh/known_hosts to get rid of this message.
Offending key in /home/tux/.ssh/known_hosts:339
RSA host key for freelinux has changed and you have requested strict checking.
Host key verification failed.
Fix#1
Delete the offending key directly on the command line
[tux@SSH-01 ~]$ sed -i “339 d” ~/.ssh/known_hosts
Fix#2
Manually delete the line
a.using vi editor, go into the file
[tux@SSH-01 ~]$vi .ssh/known_hosts
b. go to line, e.g. 339
:339
c. delete the line with “dd” and save/exit
dd
Shift+zz ( or :wq!)
Fix#3
Delete the known_hosts file
[tux@SSH-01 ~]$rm .ssh/known_hosts
Fix#4
Remove keys using ssh-keygen -R option
(from man ssh-keygen)
-R hostname
Removes all keys belonging to hostname from a known_hosts file.
This option is useful to delete hashed hosts (see the -H option
above).
[tux@SSH-01 ~]$ssh-keygen -R hostname
Test after change:
tux@SSH-01 ~]$ ssh freelinux
The authenticity of host ‘freelinux(192.168.1.100)’ can’t be established.
RSA key fingerprint is 2c:46:b0:b5:67:2b:a7:a9:89:5a:cd:13:ff:36:db:b2.
Are you sure you want to continue connecting (yes/no)? yes
