SSH known_hosts problem

When a domain has been moved from one server to another an issue with SSH logins may occur. The warning dialog that most SSH programs give will look like this:

 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
03:e1:f1:f8:ab:e5:5f:1c:bc:16:27:9a:2e:ee:0d:a4.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:2
RSA host key for domain.com has changed and you have requested strict checking.
Host key verification failed.

The SSH program will often exit on this message and you’ll be locked out from accessing your server via SSH.

This happens because the new server RSA key which is transmitted during authentication is now different from what it was on the old server.

If you’re sure that the RSA key change is not an accident you must remove the line in .ssh/known_hosts that corresponds to your domain name in order to be able to connect again. The line you need to remove is indicated in the message body:

Offending key in /home/user/.ssh/known_hosts:2

In this case remove the 2nd line from your known_hosts file and you’ll be able to connect again.

[alert style=danger]If you suspect the above happening because of some malicious activity, e.g. you haven’t migrated your website recently – contact our support immediately![/alert]


Was this article helpful?
Spread the word!