Updating host keys

This guide describes ways to clear the warning you see when connecting to your domain/web server via SSH after its host key has changed (the 'host keys not matching' warning).

If you remove known_hosts entries as recommended here without verifying the new host key, you are vulnerable to a man-in-the-middle attack.

The error message

If you see the following warning when accessing your domain or web server via SSH, it generally means that the host key does not match the key in your known_hosts file.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
REMOVED FOR SECURITY REASONS
Please contact your system administrator.
Add correct host key in /home/USER/.ssh/known_hosts to get rid of this message.
Offending key in /home/USER/.ssh/known_hosts:10278
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.


This is not typically a cause for concern and can be remedied in a few different ways.

Resolving the warning message

There are three methods to remove this error. Please keep in mind that the fix must be performed on the client side, so if you see the warning when connecting from home or work, you must update that specific computer.

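Method One — Generate a new host key (Mac or Linux)

Run the following command in a shell on your local computer, replacing HOSTNAME with the host you connect to:

[server]$ ssh-keygen -R HOSTNAME
  • This method removes the old key stored for HOSTNAME from your known_hosts file. The next time you connect, SSH asks you to confirm the host's new key and saves it. This is probably the simplest method.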

Method Two — Deleting your known_hosts file

Delete your entire known_hosts file (on your local computer) if you have several hosts that need to be updated. On your next login to each host, SSH asks you to confirm the new key.

  • On a Mac or Linux machine – the known_hosts file is located in the .ssh directory in your home directory. You can run this command in a terminal to delete the known_hosts file:
[server]$ rm ~/.ssh/known_hosts
  • On a Windows machine using PuTTY – you must access the registry to remove the cached host keys:
  1. Open up ‘regedit.exe’ by doing a search.
  2. Navigate to HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
  3. Delete all keys in there or delete the individual host key.

Method Three — Edit the known_hosts file

Edit the known_hosts file. In the above case, open the file /home/USER/.ssh/known_hosts in your preferred text editor, and then remove the problem line.

  • This is similar to method two, but rather than deleting the entire known_hosts file, you delete only the specific host line.
  • The warning message lists the line number after the file name. In the above error message, the line number is 10,278. If you are on a Mac or Linux machine and use the “vim” editor, you can run the following command to open the file at that line:
[server]$ vim +10278 ~/.ssh/known_hosts
The editor opens to that specific line. Press the ‘d’ key twice to delete that line, and then enter the following to save and exit:
:x


On a Windows machine using PuTTY, navigate to the Registry folder as shown in method two above. In that directory, a list of hostnames appears. Right click on the one you need to remove, and then select ‘Delete’.
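
All three methods discard the stored key and trust whatever key the server presents next, which is where the man-in-the-middle risk noted at the top comes from. The following is an added example, not part of the original article: it replaces a known_hosts entry only when the new key's SHA256 fingerprint matches one you obtained from a trusted source. It assumes the new key line comes from a tool such as ssh-keyscan and the trusted fingerprint from your hosting provider or the server console; the hostnames and keys are constructed sample data.

```python
import base64
import hashlib
import hmac
import struct


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint as OpenSSH prints it (base64 without padding)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def names_host(field: str, host: str) -> bool:
    """True if a known_hosts host field names `host`, plain or hashed."""
    if field.startswith("|1|"):  # |1|base64(salt)|base64(HMAC-SHA1(salt, host))
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(calc.digest(), base64.b64decode(mac))
    return host in field.split(",")


def replace_host_key(known_hosts: str, host: str, scanned: str, trusted_fp: str) -> str:
    """Replace the stored key for `host` only if `scanned` matches `trusted_fp`."""
    _, key_type, key_b64 = scanned.split()[:3]
    if not hmac.compare_digest(fingerprint(key_b64).encode(), trusted_fp.encode()):
        raise ValueError(f"{host}: scanned key does not match trusted fingerprint")
    # Keep blank lines, comments, @marker lines and every entry for other hosts.
    kept = [line for line in known_hosts.splitlines()
            if not line.strip() or line.startswith(("#", "@"))
            or not names_host(line.split()[0], host)]
    return "\n".join(kept + [f"{host} {key_type} {key_b64}"]) + "\n"


def sample_key(fill: int) -> str:
    """Constructed ssh-ed25519 blob for the demo; not a real host key."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()


# Constructed sample data: old entry for example.com, an unrelated host, new key.
KNOWN_HOSTS = (f"example.com ssh-ed25519 {sample_key(1)}\n"
               f"other.example.net ssh-ed25519 {sample_key(3)}\n")
SCANNED = f"example.com ssh-ed25519 {sample_key(2)}"  # e.g. a line from ssh-keyscan
TRUSTED_FP = fingerprint(sample_key(2))  # in practice: obtained out of band

if __name__ == "__main__":
    print(replace_host_key(KNOWN_HOSTS, "example.com", SCANNED, TRUSTED_FP), end="")
```

If the fingerprints differ, the function raises an error and the existing known_hosts content is left untouched, which is the case where you should contact your administrator instead of deleting the entry.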
