When you connect to a server via SSH for the first time, the program warns you that it doesn’t recognize the remote host and can’t be sure that the server you’re connecting to is in fact the one you intend to reach.
This is normal, and unless you’ve manually added the public key to your local machine’s list of keys, you’ll see it every time you connect to a server with a new IP address. The particular error message will vary depending on which program you’re using to connect via SSH, but “The authenticity of host can’t be established” is unique to Windows PowerShell.
In this article, I’ll show you how to deal with this error, and even how to replicate it by manually removing your server’s SSH key from the “known_hosts” file. I’ll also show you how to deal with this message when you’re using PuTTY, another popular SSH program.
“The authenticity of host can’t be established”
If you’re using Windows PowerShell to connect to a remote VPS for the first time, you’ll get this error message as shown here:
The message serves an important purpose. Every server has a special sequence of characters and symbols called the “public key”. This key is like a unique fingerprint of a server and is used by the local client (your machine) to encrypt some data as part of the authentication process and send it back to the server. If the server is indeed who it is claiming to be, then it will have access to a special “private key” that it can use to decrypt the data, thus confirming to the local machine that its identity is genuine.
When you attempt to connect to a server for the first time, your local machine doesn’t know whether or not the server on the other end can be trusted, since it doesn’t (yet) have a copy of its public key. This could be a problem, for example, if the remote server were wiped and taken over by someone else, thereby generating a new public key. This could lead to a “remote host identification has changed” warning.
How to Replicate the “authenticity of host can’t be established” Error
If you want to see for yourself how the “authenticity of host can’t be established” message appears, you might have some difficulty because chances are, you’ve already connected your local machine to your server at least once. But don’t worry – here’s how to replicate it.
First, make sure that you’re using Windows PowerShell. While other programs like PuTTY have similar warnings, the specific error message above is unique to Windows. If you’ve never connected to your server via PowerShell yet, and instead only used a program like PuTTY, you’re in luck! You can connect to the server for the first time by opening PowerShell and typing the following command:
ssh username@your_server_ip
Replace “username” with your username and “your_server_ip” with the IP address of your VPS server. If this is your first time, you’ll get a warning message like the one shown above in the screenshot.
If, however, you’ve already connected to your server once, then you’re out of luck. You need to manually delete the keys from your known_hosts file.
Deleting the Keys from the known_hosts File
Click the start button and type the following into the search bar:
%USERPROFILE%
This will open your user profile. By default, Windows doesn’t show you hidden files, so you have to select the option to enable their display. To do this, go to the folder settings via the three dots at the top, click “Options”, and select the “View” tab like this:
In the above dialog box, select the option “Show hidden files, folders, and drives”. This makes visible those items whose name starts with a dot (.), indicating that they are hidden files or folders. Windows does this to prevent you from accidentally changing important files that are unrelated to the direct use of your PC. However, the file that we want to change is located in the hidden folder “.ssh”. After making the selection, save your changes.
Now you should be able to see the “.ssh” folder. Open it, and find the “known_hosts” file. It doesn’t have an extension, so it won’t open automatically when you click it. But if you right-click and select “Open With”, you should be able to use a text editor like Notepad to peer into its contents.
The “known_hosts” file contains a series of lines, each of which corresponds to the public key of a specific VPS server to which you’ve connected in the past. Find the line corresponding to the server to which you normally connect and delete it. You may find that there is more than one line for that server, and you can delete them all. Now save your changes.
The next time you use a Windows program like PowerShell to connect to the remote VPS whose IP you removed, you will be able to see the message “the authenticity of host can’t be established”. This is because the known_hosts file no longer contains the public key of the server and Windows can’t trust that you’re connecting to the right one anymore.
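The same clean-up can be done from PowerShell without opening the file in Notepad. The following is an added example, not part of the original article: Get-KnownHostFingerprint is a hypothetical helper name and 203.0.113.10 is a placeholder address. It lists the entries stored for one host together with their SHA256 fingerprints, and ssh-keygen -R then removes them.

```powershell
# Added example (not from the original article). Get-KnownHostFingerprint is a
# hypothetical helper; 203.0.113.10 is a placeholder documentation address.
function Get-KnownHostFingerprint {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [string]$Path = (Join-Path $env:USERPROFILE '.ssh\known_hosts')
    )
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        foreach ($raw in Get-Content -LiteralPath $Path) {
            $line = $raw.Trim()
            if ($line -eq '' -or $line.StartsWith('#')) { continue }
            $fields = @($line -split '\s+')
            # Drop an optional @cert-authority / @revoked marker.
            if ($fields[0].StartsWith('@')) { $fields = @($fields | Select-Object -Skip 1) }
            if ($fields.Count -lt 3) { continue }
            $names, $keyType, $blob = $fields[0], $fields[1], $fields[2]
            # Hashed names (|1|salt|hash) cannot be matched as text; ssh-keygen -F finds those.
            if ($names.StartsWith('|1|')) { continue }
            # Field 1 is a comma-separated list; non-default ports are written [host]:port.
            $plain = $names -split ',' | ForEach-Object { $_ -replace '^\[(.+)\]:\d+$', '$1' }
            if ($plain -notcontains $HostName) { continue }
            $digest = $sha.ComputeHash([Convert]::FromBase64String($blob))
            [pscustomobject]@{
                Names       = $names
                KeyType     = $keyType
                Fingerprint = 'SHA256:' + [Convert]::ToBase64String($digest).TrimEnd('=')
            }
        }
    }
    finally { $sha.Dispose() }
}

# Show what is stored for the server before deleting anything.
Get-KnownHostFingerprint -HostName '203.0.113.10' | Format-Table -AutoSize

# Remove every line for that host; ssh-keygen keeps the previous file as known_hosts.old.
ssh-keygen -R 203.0.113.10
```

The fingerprint column uses the same SHA256 format that the first-connection prompt displays, so the stored value can be compared with what the server presents.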
Replicating the Error When You’re Using PuTTY
The above error is specific to connecting to a VPS using a Windows application like PowerShell. However, this doesn’t mean that other popular SSH clients like PuTTY ignore the absence of public keys in local storage. It just means that the error message is different and that they might not store the keys in the same way as Windows does.
PuTTY is the most popular SSH client right now, and it stores its keys not in a file but in the Windows registry. To see them, open the Registry Editor and go to the following location:
Computer\HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys
When you open this folder in Regedit, here is what you see:
In this folder, you’ll see a series of keys, each of which corresponds to a type of VPS to which you can connect. The “Data” column contains the actual key. Note that PuTTY stores its keys in a different format from the traditional OpenSSH, so this might not be the same key that you see in the “known_hosts” file. But if you want to replicate the same message on PuTTY that you see in PowerShell, delete the keys corresponding to the server to which you need to connect and then try connecting via SSH.
With PuTTY, you’ll get a message that looks like this:
The equivalent PuTTY error message is “The server’s host key is not cached in the registry”. You can see that it means the same thing.
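The registry clean-up can also be scripted. This is an added example, not part of the original article; Get-PuttyHostKey and Remove-PuttyHostKey are hypothetical helper names and 203.0.113.10 is a placeholder address. It relies on PuTTY naming each cached value as keytype@port:host (for example ssh-ed25519@22:203.0.113.10).

```powershell
# Added example (not from the original article). Helper names are hypothetical;
# 203.0.113.10 is a placeholder documentation address.
$PuttyHostKeys = 'HKCU:\Software\SimonTatham\PuTTY\SshHostKeys'

function Get-PuttyHostKey {
    param([string]$HostName = '*')
    $item = Get-Item -LiteralPath $PuttyHostKeys -ErrorAction Stop
    foreach ($name in $item.GetValueNames()) {
        # Value names look like "<keytype>@<port>:<host>".
        if ($name -match '^(?<type>[^@]+)@(?<port>\d+):(?<host>.+)$' -and
            $Matches['host'] -like $HostName) {
            [pscustomobject]@{
                ValueName = $name
                KeyType   = $Matches['type']
                Port      = [int]$Matches['port']
                Server    = $Matches['host']
            }
        }
    }
}

function Remove-PuttyHostKey {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$HostName)
    foreach ($entry in Get-PuttyHostKey -HostName $HostName) {
        if ($PSCmdlet.ShouldProcess($entry.ValueName, 'Remove cached PuTTY host key')) {
            Remove-ItemProperty -LiteralPath $PuttyHostKeys -Name $entry.ValueName
        }
    }
}

# Keep a copy of the cache so a removed entry can be restored.
reg export 'HKCU\Software\SimonTatham\PuTTY\SshHostKeys' "$env:TEMP\putty-hostkeys.reg" /y

# List what PuTTY has cached, preview the removal, then remove for real.
Get-PuttyHostKey | Format-Table -AutoSize
Remove-PuttyHostKey -HostName '203.0.113.10' -WhatIf
Remove-PuttyHostKey -HostName '203.0.113.10'
```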
Conclusion
In short, the message “The authenticity of host can’t be established” isn’t really an error message or an indication that you’re doing something wrong. It’s just a statement of fact. If you’re sure that the server to which you’re connecting is up and running properly, and your IP address is correct, then go ahead and accept the connection – either once or for all future connections. If you choose the latter option, you won’t have to see it again.
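One way to be sure before accepting, as an added example that is not part of the original article: read the host key fingerprint on the server itself (for example from the hosting provider's console with ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub, the usual path on Linux), then let the client store the key only if the fingerprint it is offered matches. Add-VerifiedHostKey is a hypothetical helper name, and the address and fingerprint in the usage comment are placeholders.

```powershell
# Added example (not from the original article). Add-VerifiedHostKey is a
# hypothetical helper; the host and fingerprint below are placeholders.
function Add-VerifiedHostKey {
    param(
        [Parameter(Mandatory)][string]$HostName,
        # 'SHA256:...' value read on the server itself, not over the new connection.
        [Parameter(Mandatory)][string]$ExpectedFingerprint,
        [string]$KeyType = 'ed25519',
        [string]$Path = (Join-Path $env:USERPROFILE '.ssh\known_hosts')
    )
    # Fetch the key the server offers, without logging in.
    $line = ssh-keyscan -t $KeyType $HostName 2>$null |
        Where-Object { $_ -and -not $_.StartsWith('#') } |
        Select-Object -First 1
    if (-not $line) { throw "No $KeyType host key returned by $HostName" }

    # Output format is "host keytype base64"; the fingerprint is the
    # unpadded base64 of SHA-256 over the decoded key blob.
    $blob = ($line -split '\s+')[2]
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { $digest = $sha.ComputeHash([Convert]::FromBase64String($blob)) }
    finally { $sha.Dispose() }
    $actual = 'SHA256:' + [Convert]::ToBase64String($digest).TrimEnd('=')

    # Case-sensitive comparison: base64 is case-sensitive.
    if ($actual -cne $ExpectedFingerprint) {
        throw "Fingerprint mismatch for ${HostName}: server offered $actual"
    }

    # Only a verified key reaches known_hosts, so the next ssh call connects
    # without the prompt.
    Add-Content -LiteralPath $Path -Value $line -Encoding ascii
    $actual
}

# Usage (placeholder values):
# Add-VerifiedHostKey -HostName '203.0.113.10' -ExpectedFingerprint 'SHA256:<value read on the server>'
```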
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
Phil Brady says
Had this problem connecting Windows 10 to a Linux based pi.
Edited C:\Users\Philip\.ssh\known_hosts to remove obsolete key but still not working.
Found it worked though under a different Windows user. The difference?
Found a file C:\User\Philip\.ssh\config which redirected to /dev/null.
Host *
UserKnownHostsFile=/dev/null
Renamed it and ssh now works.
You might like to add that to your super article.
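A quick way to spot the situation described in this comment, added here as an example that is not part of the comment or the article: ssh -G prints the options the client will actually use for a host after reading every config file. Test-SshHostKeyConfig is a hypothetical helper name and 203.0.113.10 is a placeholder address.

```powershell
# Added example (not from the comment or the article). Test-SshHostKeyConfig is
# a hypothetical helper; 203.0.113.10 is a placeholder documentation address.
function Test-SshHostKeyConfig {
    param([Parameter(Mandatory)][string]$HostName)

    # ssh -G prints one "option value" pair per line, option names in lower case.
    $effective = @{}
    foreach ($line in ssh -G $HostName) {
        $name, $value = $line -split ' ', 2
        $effective[$name] = $value
    }

    $files  = $effective['userknownhostsfile']
    $strict = $effective['stricthostkeychecking']
    [pscustomobject]@{
        UserKnownHostsFile    = $files
        StrictHostKeyChecking = $strict
        # Accepted keys are thrown away when the file points at a null device.
        KeysDiscarded         = [bool]($files -match '(^|\s)(/dev/null|NUL)(\s|$)')
        # Host key checking switched off entirely.
        CheckingDisabled      = $strict -in 'no', 'off', 'false'
    }
}

Test-SshHostKeyConfig -HostName '203.0.113.10' | Format-List
```

If KeysDiscarded is true, look for a UserKnownHostsFile line in the .ssh\config file under your user profile, as the commenter did.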