Fix Remote Host Identification Has Changed! on macOS

I get this issue quite a bit in my homelab, and it’s expected as I frequently rebuild hosts, replace SSL certificates etc. The reason it happens is that the key to the IP address you’re connecting to is saved in the file, “known_hosts” from a previous session, and is now different to the one you are connecting to now.


nicholas@vwired-MBP ~ % ssh root@192.168.1.199
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:PmntgL/JHCr1KaYRZrWSw4juc5HO5McAk39hfksw70.
Please contact your system administrator.
Add correct host key in /Users/nicholas/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/nicholas/.ssh/known_hosts:5
Host key for 192.168.1.199 has changed and you have requested strict checking.
Host key verification failed.

The fix is relatively simple; you need to remove that host entry from your “known_hosts” file.

ssh-keygen -R <Hostname or IP Address>

See my example below.

nicholas@vwired-MBP ~ % ssh-keygen -R 192.168.1.199
# Host 192.168.1.199 found: line 5
/Users/nicholas/.ssh/known_hosts updated.
Original contents retained as /Users/nicholas/.ssh/known_hosts.old
nicholas@vwired-MBP ~ % 

I hope you found this helpful. Feel free to comment if you have any questions.

Leave a Reply