Jesse Lawson

Bestselling author and open-source evangelist.

Jan 1, 0001 - Tutorials

How to fix "Host key verification failed" error

If you’ve ever rebuilt a server that you have connected to in the past, chances are you’ve received an error when trying to ssh back into it for the first time since the rebuild. If you’re getting a screen that says “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!“, the workaround is actually quite simple.

After rebuilding a cloud VPS, I tried to ssh back into it and receiving the following error:

ssh root@12.345.67.890
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
12:3q:45:w6:67:t7:56:34:er:2s:45:f9.
Please contact your system administrator.
Add correct host key in /home/Nicolas Cage/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/Nicolas Cage/.ssh/known_hosts:2
ECDSA host key for 12.345.67.890 has changed and you have requested strict checking.
Host key verification failed.

The key to fixing this is in the line that says “Offending ECDSA key.” This is the “offending” key that has triggered the error, and is the RSA key that was stored when you used to login to your server. Since you rebuilt the server, the key has changed, and now your computer’s ssh system is saying, “Hold on, this server you’re connecting to via this IP is not giving me the same ID. It could be that you just rebuilt the server, or it could be a man-in-the-middle attack!

Since we just rebuilt our VPS, this error is expected. To solve it, take a look at the last integer of the line that says “Offending ECDSA key,” because this integer is actually the line number inside your known_hosts file that’s throwing the error.

To correct it, simply go to your Terminal (or Command prompt on Windows) and type in the following command, changing the number 2 to whatever matches your own error (I’m using ‘2’ because the error from above says that my offending line is line 2):

sed -i '2d' ~/.ssh/known_hosts

And that’s it! This will delete the offending line from your known_hosts file and make it so you can log in again.