How to Fix Host Key Verification Failed During SSH Connection

SSH is believed to be the safest way to connect to a remote server. Recently, I connect to my Ubuntu server from a macOS Big Sur Hackintosh machine. It should be a simple and easy task. We can easily connect to a remote server from the Terminal in macOS. If everything works, we only need to enter the IP address or hostname of the remote server. And then it will ask for the password. Done.

But, for some reasons, you may end up with something like this.

 
 p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 14.0px Menlo; color: #2fff12; background-color: #000000; background-color: rgba(0, 0, 0, 0.9)} span.s1 {font-variant-ligatures: no-common-ligatures} 
 dhani@dhanis-MacBook-Pro ~ % ssh dhani@192.168.100.52
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
 Someone could be eavesdropping on you right now (man-in-the-middle attack)!
 It is also possible that a host key has just been changed.
 The fingerprint for the ECDSA key sent by the remote host is
 SHA256:ZhFG6A8Vov7YGXa/qIS/BUwbkdFyLP06Aqrrr549S8.
 Please contact your system administrator.
 Add correct host key in /Users/dhani/.ssh/known_hosts to get rid of this message.
 Offending ECDSA key in /Users/dhani/.ssh/known_hosts:12
 ECDSA host key for 192.168.100.52 has changed and you have requested strict checking.
 Host key verification failed. 

Every time we connect to a server via SSH, it will add a new entry to the known_host file. It contains the hostname or IP address followed by some random characters (host key identification). These characters are specific for each host and the system uses them to verify the connection between the server and the client (our local PC/mac).

Common case

For example, I have an Ubuntu server with IP address 192.168.100.52. And then I connect to it via SSH from a mac. Next day, I re-install the server operating system but I keep using the same IP address 192.168.100.52. In this case, when I try to connect from my Mac, I got this host key verification failed warning.

This issue happens because my Mac still has the record of the host verification id of the IP address 192.168.100.52 in the known_hosts file. My newly installed server now has a new key verification id which is different from the one in the known_hosts file. That’s why this error comes up.

How to Fix

To fix this issue, we need to edit the file known_hosts and then either remove or add a hashtag in front of the line where our IP address or host is has conflict. In this example, I added a hashtag in front of the host 192.168.100.52.

And then simply close and save the file. Now we can try to re-connect to the server and it should works.

Be the first to comment

Leave a Reply