Perhaps the most common error during SSH and SFTP use is the iconic "Warning: remote host identification has changed". Without action, this message makes it difficult to connect to your VPS as normal.

Today we're going to walk you through why this happens, whether you should be concerned about your server's security, and how to remedy it if you judge it to be safe.

Why the error happens

The Warning: remote host identification error typically occurs when the unique fingerprint of your server does not match what was stored in your known_hosts file when you first connected. One common reason this key changes is because you have changed your root password or rebuilt your VPS server.

When you make these changes, your SSH client will notice that something about your connection has changed and surface a security warning. This is a good thing, because it raises awareness if an attacker is attempting to perform a man-in-the middle attack.

In a man-in-the-middle attack, an attacker will sit between your connect and your server with a fake SSH server holding the same IP. They'll then forward your traffic to the real SSH server, leaving you unaware that they're spying on and collecting everything you do.

To protect against this, your SSH client assumes that an attack is unlikely to occur the first time you connect to your server and stores its information. This way, if an attacker sits between your connection, it's able to tell that the server's unique certificate or key does not match.

When to remove your known_hosts entry

So, how do you tell the difference between a man-in-the-middle attack and a false positive caused by server changes? If there is no obvious reason for a false positive to occur, you should always exercise caution. If you have made the following changes recently, you can rest a little easier:

  • Changed your VPS password or SSH key
  • Rebuilt your server
  • Assigned the same IP address for multiple remote systems
  • Destroyed your server, then launched a new one that happened to have the same IP address
  • Switched operating systems or reinstalled

Of course, it can be possible to make one of these changes and then forget about it when you go to connect to your VPS at a later date. If you share a VPS between multiple people, one of them may have also made a change without telling you. If there's any uncertainty, we recommend you check the "Security" tab of your BitLaunch account. This will show a full list of major changes that have been made to your servers with their timestamp.

How to resolve the Warning: remote host identification has changed error

If you don't believe you're the victim of a man-in-the-middle attack, you can connect to your server again by simply removing the existing entry in your known_hosts file. There a few ways of doing this:

With a text-editor

You can browse to your known_hosts location with any text editor and deleting the line corresponding to your server's IP. The known_hosts file may be stored in the following locations:

  • Windows: %USERPROFILE%\\.ssh or %USERPROFILE%\\ssh
  • Linux and macOS:  .ssh/known_hosts

With ssh-keygen in the command-line

A potentially faster and more universal method to remove the line from your known_hosts is through ssh-keygen. You can use the following command to quickly delete the invalid key:

ssh-keygen -R "your.server.ip"

When you remove a fingerprint via this method, you old information will be stored in known_hosts.old.

Connecting to your server again after utilizing either method will store your server's new fingerprint in your known hosts file as if it were the first time you connected.