If you’re an experienced software developer, system administrator, or even someone who works with remote servers, chances are you’ve encountered the “Remove Host Identification has Changed” warning when using SSH. This warning is a common occurrence, and it’s usually nothing to worry about, but it can be annoying and disruptive to your workflow. In this article, we’ll look at what causes this warning to appear and how you can fix it to get back to work as quickly as possible.
What is the “Remove Host Identification has Changed” Warning?
When you connect to a remote server using SSH for the first time, your SSH client stores the server’s public key on your local machine. This key is used to verify the server’s identity in future connections. If the server’s public key changes (for example, if the server is reinstalled or if its IP address changes), your SSH client will detect the change and issue a warning:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/user/.ssh/known_hosts:1
RSA host key for example.com has changed and you have requested strict checking.
Host key verification failed.

This warning is designed to protect you from man-in-the-middle attacks, which occur when an attacker intercepts your connection and impersonates the remote server to steal your data. However, if you know that the server’s public key has changed due to a legitimate reason, such as a server reinstallation, you can safely remove the old key from your local machine and continue using SSH without the warning.
How to Fix the “Remove Host Identification has Changed” Warning
To fix the “Remove Host Identification has Changed” warning, you’ll need to remove the old key from your local machine’s SSH known_hosts file and add the new key. Here’s how to do it:
- Open your terminal or SSH client and navigate to your local machine’s SSH known_hosts file. This file is usually located at
~/.ssh/known_hosts
. You can open the file in a text editor or view it in the terminal using thecat
command. - Locate the line in the file that corresponds to the server you’re trying to connect to. The line will look something like this:
example.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwH5a1K+Q1z3Dq...
- Delete the entire line that corresponds to the old key. Be careful not to delete any other lines in the file.
- Save the changes to the file.
- Attempt to connect to the server again using SSH. Your SSH client should now prompt you to add the new key to your known_hosts file:
The authenticity of host 'example.com (x.x.x.x)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:
- Verify that the new key fingerprint matches the expected value. This value should be provided by the server administrator, and you can usually find it in the server’s documentation or configuration files.
- If the fingerprint matches, type “yes” to add the new key to your known_hosts file. Your SSH client should now connect to the server without displaying the warning.
- If the fingerprint does not match, do not add the key to your known_hosts file, as this may indicate a man-in-the-middle attack. Instead, contact the server administrator to confirm the correct key fingerprint and resolve the issue.
Best Practices for SSH Security
While the “Remove Host Identification has Changed” warning can be an annoyance, it’s an important security feature that protects you from man-in-the-middle attacks. To ensure the security of your SSH connections, here are some best practices to follow:
- Use strong passwords or public key authentication to secure your SSH connections.
- Verify the fingerprints of SSH host keys before connecting to a server for the first time.
- Regularly monitor your known_hosts file for changes, and investigate any unexpected changes.
- Enable strict host key checking in your SSH client configuration to prevent connections to unknown servers.
- Keep your SSH client and server software up-to-date with the latest security patches.
By following these best practices, you can help ensure the security and integrity of your SSH connections.
Conclusion
The “Remove Host Identification has Changed” warning is a common occurrence when using SSH, but it’s an important security feature that protects you from man-in-the-middle attacks. By following the steps outlined in this article, you can safely remove old SSH keys from your local machine and add new ones to continue using SSH without the warning. Remember to always verify the fingerprints of SSH host keys before connecting to a server for the first time, and to follow best practices for SSH security to ensure the integrity and security of your connections.
Find out more
📕 Related articles about Linux
- How to use download accelerator in Linux terminal
- How to Create an SSH SOCKS Proxy for Secure and Private Browsing
- How to Disable Password Authentication in SSH
- How to set file and folder permission in Linux
- How to Create RAR File Archive in Linux
- Most Common Utilities to Create Archives in Linux