When you use SSH to login to a remote system, the host’s identification key is stored inside your user’s home folder. If you try to SSH into the remote system again in the future, your computer will check to make sure that you’re logging into the same system as before. Sure, the IP address or hostname might be the same, but maybe a different system has taken over that IP or hostname. If that’s the case, you wouldn’t want to enter your password into the foreign system.
When this is detected, you’ll receive a warning to the effect of WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!. Then again, sometimes a remote host’s keys could have changed for a perfectly legitimate reason. If you know this to be true, then you can ignore the warning.
In this guide, we’ll show you how to bypass the SSH remote host warning, as well as permanently remedy the problem on a Linux system. Read on to see how.
In this tutorial you will learn:
- How to remove invalid SSH host key from config
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Any Linux distro |
| Software | OpenSSH |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
You should only ignore this warning message if you’re confident that the remote system has not been replaced by a remote system (man in the middle attack). Otherwise, your username and password data could be compromised.
Remove invalid SSH host key
In order to get rid of the warning message, we need to update the key that we have stored for the remote host. The key will be stored inside your ~/.ssh/known_hosts file. You can see the contents of this file with the following command.
$ cat ~/.ssh/known_hosts
To remove the offending line, use the following command. Just as an example, we’ll remove the line associated with host linuxconfig.org.
$ ssh-keygen -f "/home/linuxconfig/.ssh/known_hosts" -R "linuxconfig.org"
The output of the warning will usually generate the command above for you automatically. So it’s as simple as copying and pasting the line on your screen. Just be careful that you trust the remote system. Now we can simply SSH into the host and accept the new host keys as normal.
