SSH Error - Remote Host Identification Has Changed

Summary

Has it been a while since you connected to the School of Computing Linux Labs, or are you the mark in a man-in-the-middle attack? This guide can help.

Body

When to Use? (and Why)

If it's been a while since you've connected to a CIS Linux lab computer via SSH, or there's been a recent hardware change, you might receive the following error when connecting:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Please contact your system administrator.
Add correct host key in /Users/admin/.ssh/known_hosts to get rid of this message.
Offending key in /Users/admin/.ssh/known_hosts:15
RSA host key for xxx.xxx.xxx.xxx has changed and you have requested strict checking.
Host key verification failed.

Always be cautious—but if you're seeing this error at the start of a new semester, it's likely nothing "nasty" is happening.

Why does this happen?

Essentially, the error is saying "Your computer saves the identification of servers and computers it connects to, and right now this one's identity doesn't match what is saved."

The error is almost comically scary—and while you should always use caution when receiving an error message while connecting to remote computers, there are some common and benign scenarios in our lab environment that will cause this error:

  • Re-provisioning/re-imaging of lab computers
  • Hardware changes to lab computers or servers

If it's the start of a new semester, and you haven't connected to one of these lab computers in a while, it's reasonable to assume that nothing suspicious is happening. You can simply delete the previously saved fingerprint and try connecting again.

If you're ever unsure, please feel free to contact ARC Support.

Procedure

Deleting Host Fingerprints from a Linux or macOS Terminal

  1. In the error message, identify the path of the file where saved host keys are stored.
    Look for the phrase "Offending key in" and note the path that follows it.
    The number that appears after the colon (":") is the line of the file that the offending key is on.
  2. Run the following to open the known_hosts file in the text editor nano:
    nano ~/.ssh/known_hosts

  3. You should see a list of IP addresses or hostnames and their RSA host keys

  4. Locate the hostname or IP address and delete that line

    1. In nano you can search a text file using control-w (Yes, it's control even on macOS)
    2. You can delete entire lines with control-k
  5. To save (or "WriteOut") the file, type command-o and then enter to confirm
  6. To exit nano, type control-x

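Alternatively (and less securely), you can overwrite the entire known_hosts file. As with deleting all of the PuTTY host keys, you will no longer be alerted to mismatches for other computers you have previously connected to:

echo "" > ~/.ssh/known_hosts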
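
As an added example (not part of the original article), the shell function below automates steps 1 to 4: it reads the "Offending key in" line from saved warning text, backs up the known_hosts file that line names, and deletes only that one line. The function name remove_offending_key, the file names and the sample entries are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Removes only the line that the
# ssh warning names, instead of emptying known_hosts. The line number also works
# when host names in the file are hashed and cannot be found by searching.

# remove_offending_key MESSAGE_FILE   (hypothetical helper name)
remove_offending_key() {
    # Pull "PATH:LINE" out of the "Offending ... key in PATH:LINE" line.
    ref=$(sed -n 's/^Offending .*key in \(.*:[0-9][0-9]*\)$/\1/p' "$1" | head -n 1)
    [ -n "$ref" ] || { echo "no 'Offending key in' line found" >&2; return 1; }
    file=${ref%:*}      # everything before the last colon
    line=${ref##*:}     # digits after the last colon
    [ -f "$file" ] || { echo "not a file: $file" >&2; return 1; }
    total=$(awk 'END { print NR }' "$file")
    if [ "$line" -lt 1 ] || [ "$line" -gt "$total" ]; then
        echo "line $line is outside $file ($total lines)" >&2; return 1
    fi
    cp -p "$file" "$file.bak" || return 1        # keep a copy to restore from
    sed "${line}d" "$file.bak" > "$file"         # delete that one line only
}

# Demo on constructed data: three fake entries, the second one hashed.
demo() {
    dir=$(mktemp -d) || return 1
    {
        echo 'lab1.example.edu ssh-rsa CONSTRUCTED-KEY-1'
        echo '|1|Q09OU1RSVUNURUQ=|Q09OU1RSVUNURUQ= ssh-rsa CONSTRUCTED-KEY-2'
        echo 'lab3.example.edu ssh-rsa CONSTRUCTED-KEY-3'
    } > "$dir/known_hosts"
    # Constructed copy of the relevant line from the warning text.
    echo "Offending key in $dir/known_hosts:2" > "$dir/ssh_error.txt"
    remove_offending_key "$dir/ssh_error.txt" || return 1
    cat "$dir/known_hosts"      # entries 1 and 3 remain
    rm -rf "$dir"
}

demo
```

OpenSSH also ships `ssh-keygen -R hostname`, which removes every saved key for a named host and keeps a backup copy of the file.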

Deleting Host Fingerprints for PuTTY in Windows

  1. Open Registry Editor
    1. Click on the Start Menu and type regedit.exe
  2. On the left side of Registry Editor, navigate to HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
  3. Find the host name of the offending fingerprint and delete it.
    1. Alternatively, you can delete all of the host keys, but you will not be alerted to other mismatches for computers you have previously connected to.

Windows Registry Editor Showing host fingerprints saved for PuTTY

Details


Article ID: 555
Created: Mon 9/13/21 10:51 PM
Modified: Fri 8/23/24 2:41 PM