Updating host keys

 

Overview

This guide provides three methods to remove the host keys warning you may see when connecting to your domain/web server via SSH.

SSH credentials

When running the commands in this article, make sure to change username to your Shell user and hostname to your domain or web server hostname.

Background

The error message appears similar to the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the host key has just been changed.
The fingerprint for the key sent by the remote host is
FINGERPRINT DISPLAYED HERE
Please contact your system administrator.
Add correct host key in /home/username/.ssh/known_hosts to get rid of this message.
Offending key in /home/username/.ssh/known_hosts:219
    remove with:
    ssh-keygen -f '/home/username/.ssh/known_hosts' -R 'example.com'
Host key for example.com has changed and you have requested strict checking.
Host key verification failed.

This most often means that the web server's host key does not match the key listed in your computer's known_hosts file. This is not typically a cause for concern and can be resolved in a few different ways.

How to resolve the warning message

If you have connected to your server in the past, an old host key was stored in your computer's /username/.ssh/known_hosts file. The three methods below can be used to remove this error by editing or deleting this file.

These commands must be run on the computer that is attempting to connect to the DreamHost server.

Method 1 — Generate a new host key (macOS or Linux)

This method automatically deletes the old key from the file.

  1. Open a terminal on your computer.
  2. Run the ssh-keygen command using the path to your SSH user and hostname you're using to connect. 
    [local]$ ssh-keygen -f /home/username/.ssh/known_hosts' -R HOSTNAME
# Host example.com found: line 219
/home/username/.ssh/known_hosts updated.
  3. Try connecting again via SSH to your server.
    This time, you'll see the warning The authenticity of host can't be established. See the section below for information on resolving this warning.

Method 2 — Edit the known_hosts file

This method manually edits and deletes the specific host line in the file.

This is an advanced method. Only use edit the known_hosts if you are comfortable editing files via SSH.

Mac or Linux

  1. Locate the line # in the warning message. In the above example, the line number is 219. 
  2. Open a terminal on your computer.
  3. Navigate into the /home/username/.ssh/ directory. 
    [local]$ cd ~/.ssh
  4. Edit the known_hosts file. If you are on a Mac or Linux machine and if you are using the "vim" editor, you can simply type the following command to jump to that line: 
    [local]$ vim +219 known_hosts
    The editor opens to that specific line.
  5. Click the d key twice to delete that line.
  6. Type a colon (:) followed by the letter x: 
    [local]$ :x
  7. Press the Enter key to save.
  8. Try connecting again via SSH to your server.
    This time, you'll see the warning The authenticity of host can't be established. See the section below for information on resolving this warning.

Windows

On a Windows machine using PuTTY, navigate to the Registry folder as shown in method two above. In that directory, a list of hostnames appears. Right-click on the one you need to remove, and then select Delete.

Method 3 — Delete your known_hosts file

This method deletes your entire known_hosts file on your local computer.

Do not use this method if you log in to servers other than DreamHost. If so, you’ll have no way of knowing if your SSH keys have changed since all host keys will have been deleted.

Mac or Linux

  1. Open a terminal on your computer.
  2. Navigate to the .ssh directory. 
    [local]$ cd ~/.ssh
  3. Delete the known_host file: 
    [local]$ rm known_hosts
  4. Confirm the file no longer exists. 
    [local]$ ls -la
  5. Try connecting again via SSH to your server.
    This time, you'll see the warning The authenticity of host can't be established. See the section below for information on resolving this warning.

Windows (using PuTTY)

You must access the Windows registry to remove the known_hosts:

  1. Perform a search in the Start menu for regedit.exe.
  2. Navigate to HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
  3. Choose to either delete all keys or the individual host key in this directory.
  4. Try connecting again via SSH to your server.
    This time, you'll see the warning The authenticity of host can't be established. See the section below for information on resolving this warning.

The authenticity of host can't be established

When connecting next time, you'll see the warning The authenticity of host can't be established. This just means it's not in your known_hosts file. You should confirm the fingerprint is what displays in the panel by using the instructions in the following article.

Once you have confirmed they match, proceed with logging in. The key is then automatically updated in your computer's known_hosts file.

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?

Contact Support

Status Updates

Go subscribe

ARTICLES & TUTORIALS

Visit the Blog

COMPANY ANNOUNCEMENTS

Visit DreamHost News