The "REMOTE HOST IDENTIFICATION HAS CHANGED" error appears during SSH connections when the server's host key does not match the one previously stored in your ~/.ssh/known_hosts file. This mismatch can occur when connecting to a server on a non-default port (not port 22), especially if the server was reinstalled, its SSH keys were regenerated, or the port configuration changed. This error is a security feature designed to prevent man-in-the-middle attacks, but it can also result from legitimate server changes or port reassignments.

Update or Remove the Outdated Host Key Entry

Step 1: Identify the exact host and port combination causing the error. The SSH error message will specify the offending line in your known_hosts file, such as [hostname]:port. For example, if you connect to example.com on port 2222, the entry will appear as [example.com]:2222.

Step 2: Open your ~/.ssh/known_hosts file in a text editor. You can use nano, vim, or any editor of your choice.

nano ~/.ssh/known_hosts

Step 3: Locate the line that matches the host and port combination from Step 1. The error message usually tells you the line number. Delete the entire line to remove the outdated key.

Step 4: Save and close the file. If using nano, press Ctrl + O to write the changes, then Ctrl + X to exit.

Step 5: Reconnect to the server using SSH. You will be prompted to confirm the new host key. Review the fingerprint carefully to confirm it is correct, then type yes to proceed. This adds the new key to your known_hosts file.


Remove the Host Key Entry Using ssh-keygen

Step 1: Use the ssh-keygen -R command to remove the problematic host and port entry automatically. Replace hostname and port with the actual values:

ssh-keygen -R [hostname]:port

This command searches your known_hosts file and deletes the entry for the specified host and port.

Step 2: Attempt to SSH into the server again. As with the manual method, review the new host key fingerprint when prompted, and confirm if it matches the expected value.


Clear All Known Hosts Entries (Use With Caution)

If you have many outdated entries or want to reset your trusted hosts list, you can clear the entire known_hosts file. This approach removes all host key records, requiring you to verify every SSH connection anew.

Step 1: Backup your current known_hosts file for safety:

cp ~/.ssh/known_hosts ~/.ssh/known_hosts.bak

Step 2: Clear the file by running:

truncate -s 0 ~/.ssh/known_hosts

Or simply delete it:

rm ~/.ssh/known_hosts

Step 3: SSH to your servers as needed, confirming each host key when prompted. Only use this method if you are certain you can verify the authenticity of all servers you connect to.


Resolving the SSH "REMOTE HOST IDENTIFICATION HAS CHANGED" error for connections using a port specifier ensures secure and uninterrupted access to your servers. Always confirm new host keys to protect against unauthorized access, and maintain your known_hosts file for smooth SSH operations.