Updating host keys

 

Overview

This guide provides three methods to remove the "host key does not match" warning you may see when connecting to your domain or web server via SSH.

Background

The error message appears similar to the following:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the host key has just been changed.
The fingerprint for the key sent by the remote host is
REMOVED FOR SECURITY REASONS
Please contact your system administrator.
Add correct host key in /home/username/.ssh/known_hosts to get rid of this message.
Offending key in /home/username/.ssh/known_hosts:10278
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.

This most often means that the web server's host key does not match the key listed in your computer's known_hosts file. This is not typically a cause for concern and can be resolved in a few different ways.

How to resolve the warning message

There are three methods to remove this error.

Where to run these commands

Please keep in mind that these modifications must be performed on the computer that is attempting to connect to the DreamHost server.

SSH credentials

In the following examples, change username to your Shell user and hostname to your domain or web server hostname.

Method 1 — Generate a new host key (Mac or Linux)

If you have connected to your server in the past, an old host key was stored in your computer's ~/.ssh/known_hosts file. You must now delete this old key.

  1. Open a terminal on your computer.
  2. Run the following command using the hostname you're trying to connect to.
    [local]$ ssh-keygen -R HOSTNAME
    
  3. Try connecting again via SSH to your server.
    This time, you'll see the warning The server's host key is unknown. See the section below for information on resolving this.

Method 2 — Deleting your known_hosts file

This method deletes your entire known_hosts file on your local computer.

Do not use this method if you log in to servers other than DreamHost. If you do, you'll have no way of knowing whether those servers' host keys have changed, since all stored host keys will have been deleted.

Mac or Linux

  1. Open a terminal on your computer.
  2. Navigate to the .ssh directory.
    [local]$ cd ~/.ssh
    
  3. Delete the known_hosts file:
    [local]$ rm known_hosts
    
  4. Confirm the file no longer exists.
    [local]$ ls -la
    

Windows (using PuTTY)

PuTTY stores its known host keys in the Windows registry, so you must remove them there:

  1. Perform a search in the Start menu for regedit.exe.
  2. Navigate to HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
  3. You can either delete all keys or the individual host key in this directory.
  4. Try connecting again via SSH to your server.
    This time, you'll see the warning The server's host key is unknown. See the section below for information on resolving this.

Method 3 — Edit the known_hosts file

This is similar to method two, but rather than deleting the entire known_hosts file, you delete the specific host line in the file instead.

This is an advanced method. Only edit the known_hosts file if you are comfortable editing files via SSH.

Mac or Linux

  1. Locate the line number in the warning message. In the above example, the line number is 10,278.
  2. Open a terminal on your computer.
  3. Navigate into the /home/username/.ssh/ directory.
    [local]$ cd ~/.ssh
  4. Edit the known_hosts file. If you are on a Mac or Linux machine and if you are using the "vim" editor, you can simply type the following command to jump to that line:
    [local]$ vim +10278 known_hosts
    The editor opens to that specific line.
  5. Press the d key twice to delete that line.
  6. Type a colon (:) followed by the letter x. This is typed inside vim, not at the shell prompt:
    :x
  7. Press the Enter key to save.
  8. Try connecting again via SSH to your server.
    This time, you'll see the warning The server's host key is unknown. See the section below for information on resolving this.
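
The Mac or Linux steps above, written as a shell function (an added example, not DreamHost's code). It reads the file and line number from the warning, checks that the line really belongs to the host you were connecting to, keeps a copy as known_hosts.bak, and deletes only that line. The function name, return codes and sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not DreamHost's code): Method 3 as a function.
# remove_offending_key WARNING HOSTNAME   (hypothetical helper name)
# Returns 0 = line removed, 1 = warning or file unusable,
#         2 = that line is not for HOSTNAME, 3 = hashed entry (use ssh-keygen -R).
remove_offending_key() {
    warning=$1 host=$2
    [ -n "$host" ] || return 1
    # Some OpenSSH versions also name the key type ("Offending ECDSA key in ...").
    loc=$(printf '%s\n' "$warning" |
        sed -n 's/^Offending .*key in \(.*\):\([0-9][0-9]*\)$/\1 \2/p' | head -n 1)
    [ -n "$loc" ] || return 1
    file=${loc% *} line=${loc##* }
    [ -f "$file" ] || return 1
    # Field 1 of an entry is a comma-separated host list or a "|1|" hash.
    hosts=$(awk -v n="$line" 'NR == n { print $1 }' "$file")
    case $hosts in '|1|'*) return 3 ;; esac
    case ",$hosts," in *",$host,"*) ;; *) return 2 ;; esac
    # Keep a copy, then rewrite the file without that one line.
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    sed "${line}d" "$file.bak" > "$tmp" && mv "$tmp" "$file"
}

# Demo on a constructed known_hosts file (key blobs are placeholders, not real keys).
demo_dir=$(mktemp -d)
cat > "$demo_dir/known_hosts" <<'EOF'
other.example.net ssh-ed25519 AAAAconstructedKeyOne
example.com,203.0.113.10 ssh-ed25519 AAAAconstructedKeyTwo
third.example.org ssh-rsa AAAAconstructedKeyThree
EOF
demo_warning="Add correct host key in $demo_dir/known_hosts to get rid of this message.
Offending key in $demo_dir/known_hosts:2"
remove_offending_key "$demo_warning" example.com && cat "$demo_dir/known_hosts"
```

A return code of 2 means the file has changed since the warning was printed, or the warning came from a different host, so nothing is deleted.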

Windows

On a Windows machine using PuTTY, navigate to the Registry folder as shown in method two above. In that directory, a list of hostnames appears. Right-click on the one you need to remove, and then select Delete.

The server's host key is unknown

When you next connect, you'll see the warning The server's host key is unknown. This just means the host's key is not in your known_hosts file. Before accepting it, confirm that the fingerprint shown matches the one displayed in the panel, using the instructions in the following article.

Once you have confirmed they match, you can log in and the key is automatically updated in your computer's known_hosts file.
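
One way to make that comparison offline, as an added example that is not part of the original article: the functions below compute the SHA256 fingerprint of a key line (the "host keytype blob" format used in known_hosts) with openssl and compare it with the value from the panel. The function names and sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not DreamHost's code): compare a host key with a trusted fingerprint.

# key_fingerprint LINE   (hypothetical helper name)
#   LINE is one known_hosts-style line: "host keytype base64-blob".
#   Prints "SHA256:" plus the unpadded base64 SHA-256 digest of the decoded
#   blob, the same form ssh shows when it asks you to accept a key.
key_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{ print $3 }')
    case $blob in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
    digest=$(printf '%s' "$blob" | openssl base64 -d -A |
        openssl dgst -sha256 -binary | openssl base64 -A | tr -d '=')
    [ -n "$digest" ] || return 1
    printf 'SHA256:%s\n' "$digest"
}

# fingerprint_matches LINE EXPECTED   (hypothetical helper name)
#   EXPECTED comes from a trusted channel (for example the hosting panel).
#   Returns 0 on match, 1 on mismatch, 2 if LINE has no usable key blob.
fingerprint_matches() {
    actual=$(key_fingerprint "$1") || return 2
    expected=SHA256:${2#SHA256:}    # accept the value with or without the prefix
    [ "$actual" = "$expected" ] || return 1
}

# Constructed sample lines; the blobs are placeholders, not real host keys.
offered='example.com ssh-ed25519 QUJDREVGR0hJSktMTU5PUFFS'
other='example.com ssh-ed25519 UVJTVFVWV1hZWjAxMjM0NTY3'
trusted=$(key_fingerprint "$offered")    # stands in for the panel's value
fingerprint_matches "$offered" "$trusted" && echo "match: safe to accept"
fingerprint_matches "$other" "$trusted" || echo "mismatch: do not accept"
```

For a real key file, ssh-keygen -lf FILE prints the same fingerprint.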
