Add correct host key in .ssh/known_hosts to get rid of this message
When I tried to SSH from my device to server ip, I faced warning saying Remote Host Identification Has Changed and “Add correct host key in .ssh/known_hosts to get rid of this message”. This sneppet guides you how to fix this SSH issue or warning.
Warning: Add correct host key in .ssh/known_hosts
I logged in to my device and while trying to SSH to server ip from the command prompt, I got the following warning message and could not perform SSH due to this as the host key verification is failed.
c:/users/Administrator> ssh [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256: Kfbd/jhhdsRGjksdhgjhUjdksgj7877w4tKVE.... Please contact your system administrator. Add correct host key in C:\\Users\\Administrator/.ssh/known_hosts to get rid of this message. Offending ECDSA key in C:\\Users\\Administrator/.ssh/known_hosts:1 ECDSA host key for <ip> has changed and you have requested strict checking. Host key verification failed.
Root cause analysis: For Host key verification failed:
In my case I found that the server is upgraded, hence the remote server host identification is changed due to the upgrade. Therefore, the old key which got added in the known_hosts file is not working anymore.
Fix: Add correct host key in /.ssh/known_hosts
Follow the below steps to get rid of the message Add correct host key.. Offending ECDSA key in …
Approach 1
- Go to directory C:\Users\<user>\.ssh
- Open known_hosts file.
- Check if there is any entry for the server ip.
- Remove the entry related to the server ip (underlined in red colour).
- Finally, try SSH to the server ip again. It should work now.
Approach 2
- Go to directory C:\Users\<user>\.ssh
- Delete the known_hosts file.
- Try SSH to the server ip again. It should work now.
Approach 3
You can get ECDSA key of your server and add the response in the bottom of your /.ssh/known_hosts file.
- To get ECDSA key of your server, run the following command.
$ ssh-keyscan -t ecdsa 34.128.0.227 34.128.0.227 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD...
- Then, copy the entire response and paste at the bottom of the /.ssh/known_hosts file.
- Also, you can run the following command to remove any offending entry related to the server ip in the known_hosts file by running the following command.
ssh-keygen -R 34.128.0.227
You’ll also like:
- Set or change root password in Ubuntu Linux
- Linux: sudo: apt-get: command not found
- How to Start Stop Restart MariaDB on Linux OS ?
- Putty Fatal Error No supported authentication methods available
- How to find which users belongs to a specific group in linux
- Give write permissions for specific user or group for specific folder in linux
- How to unzip a zip file from Terminal (Google Cloud Shell)
- Build a Docker Image with a Dockerfile and Cloud Build in GCP?
- How to create GCP project on Google Cloud Platform
- MariaDB – How to set max_connections permanently ?
- How to check sshd logs and status in linux ?
- Create non-root SSH user account and provide access to specific folders
- MySQL : How to grant all privileges to the user on database ?
- Amazon Linux AMI : apt-get command not found
- How to get the first and last element of a list in Python ?
- Find the PID of the process that is using specific port ?
- Switch between users in Linux Terminal ?