The “Warning: Remote Host Identification has Changed” message appears when you try and connect over SSH to a remote server, and there’s a mismatch between the server’s public key and what’s stored on your local machine.
In this article, I’ll explain how to replicate the error, what it means, how to fix it in both PowerShell and PuTTY, and when to worry.
When Does “Warning: Remote Host Identification has Changed” Error Occur?
For the “Warning: Remote Host Identification has Changed” message to appear, the following conditions must be met:
- You need to have connected to a certain remote server at a specific IP address before
- Either the server’s public key needs to have changed, or the key stored on your local system has changed, or you’re actually connecting to a completely different server (the most dangerous)
If both of these connections are met, you’ll see the error message.
Priority #1: Ensure That It’s Not A Security Breach
First, before you try and fix this problem ensure that you’re connecting to the right server. If you’re the root user of the VPS and you’ve verified that it’s the same VPS, then you don’t need to worry. If, on the other hand, if you’re connecting into someone else’s VPS (say an office VPS), then you should contact the VPS administrator and ask them to verify that the IP address of the VPS hasn’t changed. This error exists for a reason, and it could be the result of what we call a “Man-in-the-Middle” attack.
But there are other reasons why the error can occur even in a non-malicious environment. And that’s why you need to know how to fix it.
How To Fix The “Warning: Remote Host Identification Has Changed” Message
Once you’ve assured yourself that this isn’t a man-in-the-middle attack, it’s time to fix the error. Some SSH clients like PuTTY will warn you and let you connect, either once or permanently. Others like PowerShell on Windows simply won’t let you proceed. Here’s how to identify and fix the error message with both of these tools.
How To Fix The Error On Windows PowerShell
If you’re getting the error on Windows PowerShell, it’ll look something like this:
As you can see, the tool doesn’t allow you to proceed further. This means that if PowerShell is your only means of accessing SSH to your server, then you need a fix pronto!
To fix this error, you need to locate the “known_hosts” file on Windows. As of Windows 11, click the Windows Start button and type in the following:
%USERPROFILE%
This will bring you to your profile folder. Here, you need to enable the viewing of hidden folders. To do this, click the three dots on the top of the folder and click “Options”. In the following dialog box, click “View” as shown here:
In the list of settings below, click “Show hidden files, folders, or drives”. This will enable you to see things that Windows normally doesn’t show you. Specifically, files and folders that begin with a dot (.). Once this is enabled, you will be able to see a new folder in the %USERPROFILE% folder called “.ssh”. Open it, and you should see an entry called “known_hosts”.
Open this file in an editor and you’ll see a number of entries, each belonging to a specific IP address. Delete the lines that correspond to the IP address of the VPS to which you’re trying to log in and save your changes. This will reset the configuration of the SSH connection and make it look as if you’re connecting to your VPS via PowerShell for the first time.
After deleting the lines and saving your changes, try connecting to your VPS once again using PowerShell. This time, it should work.
How To Fix The Error On PuTTY
More than PowerShell, however, PuTTY is the most popular Windows client used to connect to VPS servers via SSH. More than PowerShell, however, PuTTY is the most popular Windows client used to connect to VPS servers via SSH. The “Remote Host Identification has Changed” warning doesn’t display in the same way on PuTTY as it does on PowerShell, but the basic concept is the same. The procedure for fixing the issue on PuTTY is different, though because PuTTY stores its keys, not in a file like PowerShell, but in the registry.
When you connect to a VPS server over SSH using PuTTY for the first time, you see the following message:
As you can see, PuTTY recognizes that the server’s public key isn’t stored in the registry, and for new servers, it stores it in the following location:
Computer\HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
For Windows users, you can find this location by pressing the “Start” key or opening the Start menu and typing “Regedit”. After bypassing the security warning, paste the above location into Regedit’s address bar. You should see something like this:
Each of these entries corresponds to a certain server at a specific IP address. The information in the registry is presented in a key/value format. The “Key” is on the left-hand side, each of which is for a specific server. The “Value” is the “Data” column containing the server’s public key. It’s important to note, that PuTTY stores the server key in a different format from how the server stores it, so the two won’t look the same. Your server stores the keys in the OpenSSH format, whereas PuTTY stores them in the “.ppk” format.
PuTTY includes a utility called PuTTYGen which allows you to convert the formats back and forth from one another. Here’s the link to download the latest versions of both PuTTYGen and PuTTY. You should keep both these programs handy for operations like this, even if you don’t need the tools immediately.
If your server’s public key changes, PuTTY won’t recognize the server, and will display a message like this:
The scary warning should alert you that something’s wrong. Unlike with PowerShell, however, PuTTY allows you to connect to the server either temporarily – via the “Connect Once” button – or permanently update the key in the registry using the “Accept” button. Take heed of PuTTY’s advice in the last line – Pressing “Cancel” is the ONLY guaranteed safe choice!
In general, I prefer PuTTY to Windows PowerShell for connecting via SSH, because it lets you save various configurations in a GUI format, and as you can see, key management is easier, with PuTTY giving you more options.
Conclusion
The “Warning: Remote Host Identification has Changed” message is a crucial part of the security architecture, that allows you to detect malicious man-in-the-middle attacks, and can save you from compromising your login information. However, most of the time it’s because something has changed on the origin server – either someone has re-installed the SSH package, or reconfigured it, or installed a new version of the OS. In such situations, simply getting rid of the public key stored on your local machine is enough to solve the problem. As shown above, you can do with automatically with PuTTY, or manually with PowerShell.
Whichever method you choose, make sure that you verify that the server is the same!
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
Leave a Reply