The "REMOTE HOST IDENTIFICATION HAS CHANGED" error appears during SSH connections when the server's host key does not match the one previously stored in your ~/.ssh/known_hosts file. This mismatch can occur when connecting to a server on a non-default port (not port 22), especially if the server was reinstalled, its SSH keys were regenerated, or the port configuration changed. This error is a security feature designed to prevent man-in-the-middle attacks, but it can also result from legitimate server changes or port reassignments.
Update or Remove the Outdated Host Key Entry
Step 1: Identify the exact host and port combination causing the error. The SSH error message points to the offending line in your known_hosts file; entries for a non-default port are stored in the form [hostname]:port. For example, if you connect to example.com on port 2222, the entry will appear as [example.com]:2222.
Step 2: Open your ~/.ssh/known_hosts file in a text editor. You can use nano, vim, or any editor of your choice.
nano ~/.ssh/known_hosts
Step 3: Locate the line that matches the host and port combination from Step 1. The error message usually tells you the line number. Delete the entire line to remove the outdated key.
Step 4: Save and close the file. If using nano, press Ctrl + O to write the changes, then Ctrl + X to exit.
Step 5: Reconnect to the server using SSH. You will be prompted to confirm the new host key. Review the fingerprint carefully to confirm it is correct, then type yes to proceed. This adds the new key to your known_hosts file.
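To make Steps 1, 3 and 5 concrete, the following Python sketch (an added example, not part of the original article) lists the known_hosts entries for a host and port and computes the SHA256 fingerprint of each stored key, so it can be compared with the fingerprint shown in the prompt. It goes beyond the text by also matching hashed entries (|1|salt|hash), which a plain text search cannot find; the function names, sample file contents and key blobs are constructed placeholders.

```python
import base64, hashlib, hmac

def b64(raw):  # text form used for key blobs, salts and MACs
    return base64.b64encode(raw).decode()

def entry_name(host, port=22):  # bare host on port 22, otherwise [host]:port
    return host if port == 22 else f"[{host}]:{port}"

def fingerprint(key_b64):
    """SHA256 fingerprint as ssh prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + b64(digest).rstrip("=")

def name_matches(field, name):
    """Match a hosts field: plain names or a |1|salt|mac hash (no wildcards)."""
    for pattern in field.split(","):
        if pattern.startswith("|1|"):
            salt, mac = (base64.b64decode(p) for p in pattern[3:].split("|"))
            calc = hmac.new(salt, name.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(calc, mac):
                return True
        elif pattern == name:
            return True
    return False

def find_entries(text, host, port=22):
    """Return (line_number, key_type, fingerprint) for entries naming host:port."""
    name, hits = entry_name(host, port), []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if name_matches(fields[0], name):
            hits.append((lineno, fields[1], fingerprint(fields[2])))
    return hits

# Constructed sample: one host on port 22, on 2222 (plain) and on 2222 (hashed).
SALT = b"constructed-salt-20b"
MAC = hmac.new(SALT, b"[example.com]:2222", hashlib.sha1).digest()
SAMPLE = "\n".join([
    "example.com ssh-ed25519 " + b64(b"constructed-key-port-22"),
    "[example.com]:2222 ssh-ed25519 " + b64(b"constructed-key-port-2222"),
    "# constructed comment line",
    f"|1|{b64(SALT)}|{b64(MAC)} ssh-rsa " + b64(b"constructed-rsa-port-2222"),
])

if __name__ == "__main__":
    print(*find_entries(SAMPLE, "example.com", 2222), sep="\n")
```

Run against the sample, the lookup for port 2222 reports lines 2 and 4 and leaves the port 22 entry on line 1 alone, which is why the port belongs in the name you search for or remove.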
Remove the Host Key Entry Using ssh-keygen
Step 1: Use the ssh-keygen -R command to remove the problematic host and port entry automatically. Replace hostname and port with the actual values, and quote the argument so the shell does not treat the square brackets as a glob pattern:
ssh-keygen -R "[hostname]:port"
This command searches your known_hosts file and deletes the entry for the specified host and port.
Step 2: Attempt to SSH into the server again. As with the manual method, review the new host key fingerprint when prompted, and confirm if it matches the expected value.
Clear All Known Hosts Entries (Use With Caution)
If you have many outdated entries or want to reset your trusted hosts list, you can clear the entire known_hosts file. This approach removes all host key records, requiring you to verify every SSH connection anew.
Step 1: Back up your current known_hosts file for safety:
cp ~/.ssh/known_hosts ~/.ssh/known_hosts.bak
Step 2: Clear the file by running:
truncate -s 0 ~/.ssh/known_hosts
Or simply delete it:
rm ~/.ssh/known_hosts
Step 3: SSH to your servers as needed, confirming each host key when prompted. Only use this method if you are certain you can verify the authenticity of all servers you connect to.
Resolving the SSH "REMOTE HOST IDENTIFICATION HAS CHANGED" error for connections using a port specifier ensures secure and uninterrupted access to your servers. Always confirm new host keys to protect against unauthorized access, and maintain your known_hosts file for smooth SSH operations.